[14 Jun 2024] Error tolerance in Authorization API v2.0 and Actions Required
Corppass API Version Upgrade: v1.5 to v2.0
We previously announced the upgrade of our API specifications from v1.5 to v2.0. As part of this upgrade, stricter adherence to OpenID Connect (OIDC) standards will be enforced by the system, particularly for the client_assertion parameter.
Impact on Partner Services
With the upgrade to v2.0, OIDC standards will be STRICTLY enforced to enhance security for users.
This means that RP (relying party) e-services with a missing or incorrectly implemented client_assertion parameter WILL fail in v2.0. The v1.5 implementation with ISAM incorrectly tolerated such non-conformance, and we are rectifying this to strengthen the security and reliability of Corppass.
Most partner e-services should have complied fully with OIDC standards, and hence should not face any issues with the upgrade to v2.0.
Action Required
- Partners who have not yet tested their configurations in the STAGING environment are strongly advised to do so immediately. They should ensure that their client_assertion configurations meet all OIDC requirements and test them thoroughly in the staging environment before the v2.0 upgrade in production.
- Partners who did not comply with OIDC standards will need to update their configurations to avoid potential disruptions to service.
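
As a pre-flight aid for the staging test above, the following added example (not Corppass code, and not taken from the v2.0 specification) checks a token request's client_assertion against the generic OIDC Core section 9 rules for JWT client authentication. The client ID, audience URL and sample claims are constructed placeholders; the Corppass v2.0 specification may set further requirements that this page does not list.

```python
import base64, json, time

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
REQUIRED_CLAIMS = ("iss", "sub", "aud", "jti", "exp")  # OIDC Core section 9

def _decode(segment):
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("not a JSON object")
    return obj

def check_client_assertion(form, client_id, expected_aud, now=None):
    """Return a list of problems in a token request's client assertion (empty = OK).
    Checks structure and claims only; the signature is not verified here."""
    now = time.time() if now is None else now
    problems = []
    if form.get("client_assertion_type") != ASSERTION_TYPE:
        problems.append("client_assertion_type missing or wrong")
    parts = (form.get("client_assertion") or "").split(".")
    if len(parts) != 3 or not all(parts):
        return problems + ["client_assertion missing or not a signed compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return problems + ["header or payload is not base64url-encoded JSON"]
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg is 'none': the assertion must be signed")
    problems += [f"missing claim: {c}" for c in REQUIRED_CLAIMS if c not in claims]
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        problems.append("iss and sub must both equal the client_id")
    aud = claims.get("aud")  # expected_aud is supplied by the caller from the provider's spec
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not name the expected audience")
    exp = claims.get("exp")
    if "exp" in claims and (not isinstance(exp, (int, float)) or exp <= now):
        problems.append("exp is not a future numeric timestamp")
    return problems

def sample_form(claims, alg="ES256"):
    """Constructed sample request; the signature segment is a dummy placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    jwt = ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])
    return {"client_assertion_type": ASSERTION_TYPE, "client_assertion": jwt}

if __name__ == "__main__":
    good = {"iss": "example-client", "sub": "example-client", "jti": "n-1",
            "aud": "https://op.example/token", "exp": 2_000}
    print(check_client_assertion(sample_form(good), "example-client",
                                 "https://op.example/token", now=1_000))
```

An empty list means the request passes these generic checks; signature validity and key registration still have to be confirmed against the staging environment itself.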