
sgID


Last updated 1 year ago

Overview

sgID is an OpenID Connect (OIDC) identity provider by the Singapore government. sgID uses a privacy-preserving version of the OIDC protocol. This allows applications to integrate with sgID based on familiar industry standards, while providing privacy guarantees for end users.

sgID's implementation of OpenID Connect (OIDC) supports the standard authorization code grant type. This means that integration steps are based on the familiar OAuth 2.0 authorization code flow.

Government-verified data

As a government identity provider, sgID distinguishes itself from private sector identity providers because it provides Singapore resident data that is verified by the government to be true. Because the data is both signed and separately encrypted with an end user-specific key pair, sgID can verify that the data has not been tampered with when the sgID relying party receives it.

Privacy

One of the key features of the sgID protocol is its privacy-preserving approach. End user data is encrypted with keys held on their device, so the sgID server handling the transaction cannot read the data that is being transmitted. This means that only the end user knows who they've been transacting with, and what information has been transacted.

sgID enforces client-specific identifiers. This means that different sgID relying parties receive different identifiers for the same end user. For example, if Xiao Ming logs into McDonald's with sgID, McDonald's might receive Xiao Ming's data, identifying him with a system ID of abcde. But if Xiao Ming logs into KFC with sgID, KFC will receive a different system ID, such as 12345.
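
The sketch below is an added example, not sgID's own code, showing one way an identity provider can issue client-specific identifiers and why two relying parties cannot join their user tables on them. This page does not say how sgID derives its identifiers, so the HMAC construction, the secret, the client names and the internal user IDs here are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed provider-side secret (assumption); never shared with relying parties.
PROVIDER_SECRET = secrets.token_bytes(32)


def _field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") cannot collide."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def pairwise_sub(client_id: str, internal_user_id: str,
                 secret: bytes = PROVIDER_SECRET) -> str:
    """Derive the identifier that one relying party sees for one end user."""
    msg = _field(client_id) + _field(internal_user_id)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def linkable_users(subs_a: set, subs_b: set) -> set:
    """Identifiers two relying parties could match by comparing their tables."""
    return subs_a & subs_b


if __name__ == "__main__":
    users = ["user-0001", "user-0002", "user-0003"]  # constructed internal IDs
    rp_a = {pairwise_sub("rp-a.example", u) for u in users}
    rp_b = {pairwise_sub("rp-b.example", u) for u in users}
    # Same user, same client: the identifier is stable across logins.
    print("stable:", pairwise_sub("rp-a.example", users[0]) in rp_a)
    # Same users, different clients: nothing to join on.
    print("overlap:", linkable_users(rp_a, rp_b))
```

For a relying party, the practical consequence is that the identifier is only meaningful within its own client registration and should not be used as a key for matching records held by another application.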

White Paper

If you're interested in learning more about the design of the sgID protocol, you can refer to the sgID White Paper.
