Set up Singpass login in production

Hi, I am not sure how to set up the Singpass login with the Auth0 plugin in production. The support team has managed to make the staging work, but they are not providing support for actual production set-up.

I have tried to duplicate the Github extension but it is giving me an error “invalid client_id”. For the production app, do I have to create the login as a Regular Web application and connect it to the Express app deployed in Heroku for the login to work?

Will I also have to purchase the Enterprise plan for OIDC or any other additional setup?

You need to deploy a self-hosted proxy to enable production mode in Singpass. The integration configuration in Auth0 only allows you to select staging mode. You also need a different set of client credentials for production, which should be obtained from Singpass. Staging credentials won’t work in production.

You can find the code and instructions for the self-hosted proxy on GitHub. You need to change the upstream server to id.singpass.gov.sg in the config file. You also need to create a custom connection in Auth0 using the client ID and secret from the companion app. You can follow the steps in this guide to configure Singpass as an OAuth provider in WordPress.

You do not need to purchase the Enterprise plan for OIDC, as Singpass uses OIDC authorization code flow. You can use the Regular Web Application template in Auth0 and connect it to your Express app deployed in Heroku. You can also use the Auth0 Universal Login to enable Singpass login with QR code.

I hope this helps :slight_smile:

1 Like