Where applications need to obtain an access_token without user interaction, application should provide a signed JWT (http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-07).

Endpoint

POST /oauth/token

Parameters

Parameter	Mode	Type	Description
auth_token	required	String	The signed JWT
grant_type	required	String	Must be “jwt-bearer”

Structure of JWT

Field	Mode	Description
iss	required	The issuer of the secret key. Must be "oauth.edutone.com"
aud	required	The hostname where JWT will be verified
sub	required	The client_id issued for secret key by SSO Passport
exp	required	The time window in seconds while token is valid
iat	required	The time in seconds from 1 Jan 1970 GMT when JWT is created
pid	required/optional*	The identifier of the user in SSO Passport for whom the access_token to be created. Should be provided for existing user and if prn value is not provided
prn	required/optional*	The email of the user for whom access_token to be created. Should be provided for existing user and if pid value is not provided.

* The following fields must be filed to create (if pid/prn aren’t provided) or update (if pid/prn are provided) an account on the fly. For an account creation all the “required” fields must be presented otherwise non personalized access_token is granted. For account update only new (not empty) field values must be provided.

Field	Mode	Description
first	required/optional	First name
last	required/optional	Last name
email	optional	Email address
school	required/optional	Identifier of the school associated with the user. Cannot be updated.
role	required/optional	Role of the user
type	required/optional	User's type - one of the following values: “school_admin”, ”teacher ”, ”student”, ”parent”, “contact”
external_id	required/optional	Identifier of the user in the external system (SIS/LMS etc). Used as a unique user’s key within school thus forbidding creation of accounts with the same external_id value. External ID is forbidden for update
grade	optional	Grade of the student (ignored for non “student” user types) - range of values from “-3” to “15”