sgID

sgID is an authentication and data sharing service offered by the Singapore government. It is designed with privacy-preserving features, making it a unique identity provider (IdP) that operates using OAuth 2.0 and OIDC protocols. This means that any application can integrate with sgID based on these industry standards.

sgID's implementation of OAuth and OIDC supports the standard authorization code grant type. This means that integration steps are based on the OAuth 2.0 authorization code flow.

One of the key features of sgID is its privacy-preserving approach. When a user logs in using sgID, the IdP does not return any user information as claims in the id_token. Instead, the only available claim in the id_token is sub, which stands for "subject". This is a unique identifier assigned to the user that is associated with a particular relying party.

To obtain encrypted user information, the relying party can make a request to the /userinfo endpoint with the access_token obtained from the OAuth 2.0 flow. The relying party can then decrypt the userinfo with their private key, obtained from the registration process. The cryptography used by sgID ensures that this information remains private and secure. If you're interested in learning more about how the cryptography works, you can refer to the sgID white paper.
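
The sketch below models the userinfo exchange described above with both sides shown. It is an added example, not sgID's code or wire format. The response shape (`sub`, `key`, `data`), the function names and the algorithms (RSA-OAEP wrapping a one-time AES-256-GCM key) are assumptions chosen to illustrate envelope encryption to a relying party's registered key.

```javascript
// Added example: envelope-encryption model of an encrypted userinfo response.
// Response shape, field names and algorithms are assumptions, not sgID's format.
const crypto = require('crypto');

// Relying party key pair; in practice the private key comes from registration.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// IdP side (simulated): encrypt each field with a one-time AES key,
// then wrap that key with the relying party's public key.
function buildUserinfo(rpPublicKey, sub, fields) {
  const blockKey = crypto.randomBytes(32);
  const data = {};
  for (const [name, value] of Object.entries(fields)) {
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', blockKey, iv);
    cipher.setAAD(Buffer.from(name)); // bind each ciphertext to its field name
    const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
    data[name] = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  }
  const key = crypto.publicEncrypt({ key: rpPublicKey, ...OAEP }, blockKey).toString('base64');
  return { sub, key, data };
}

// Relying party side: unwrap the AES key with the private key, then decrypt
// and authenticate every field. Tampering or a wrong key makes this throw.
function decryptUserinfo(rpPrivateKey, response) {
  const wrapped = Buffer.from(response.key, 'base64');
  const blockKey = crypto.privateDecrypt({ key: rpPrivateKey, ...OAEP }, wrapped);
  const out = {};
  for (const [name, blob] of Object.entries(response.data)) {
    const raw = Buffer.from(blob, 'base64'); // layout: iv(12) | tag(16) | ciphertext
    const decipher = crypto.createDecipheriv('aes-256-gcm', blockKey, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(name));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    out[name] = pt.toString('utf8');
  }
  return out;
}

// Constructed sample values, not real user data.
const sample = buildUserinfo(publicKey, 'constructed-sub-123', { name: 'Example User' });
console.log(decryptUserinfo(privateKey, sample));
```

Because the field name is bound as associated data, swapping two encrypted fields in a response fails authentication instead of silently returning the wrong value.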

Overall, sgID provides a privacy-preserving approach to data sharing and authentication. Its compliance with industry standards and its focus on privacy make it a unique solution for identity providers.
