Where applications need to obtain an access_token without user interaction, the application should provide a signed JWT (http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-07).
Endpoint
POST /oauth/token
Parameters
Parameter | Mode | Type | Description |
---|---|---|---|
auth_token | required | String | The signed JWT |
grant_type | required | String | Must be “jwt-bearer” |
Structure of JWT
Field | Mode | Description |
---|---|---|
iss | required | The issuer of the secret key. Must be "oauth.edutone.com" |
aud | required | The hostname where the JWT will be verified |
sub | required | The client_id issued for the secret key by SSO Passport |
exp | required | The time window, in seconds, during which the token is valid |
iat | required | The time, in seconds since 1 Jan 1970 GMT, when the JWT was created |
pid | required/optional* | The identifier of the user in SSO Passport for whom the access_token is to be created. Should be provided for an existing user and if the prn value is not provided. |
prn | required/optional* | The email of the user for whom the access_token is to be created. Should be provided for an existing user and if the pid value is not provided. |
* The following fields must be filled in to create (if pid/prn aren’t provided) or update (if pid/prn are provided) an account on the fly. For account creation, all the “required” fields must be present; otherwise a non-personalized access_token is granted. For an account update, only new (non-empty) field values must be provided.
Field | Mode | Description |
---|---|---|
first | required/optional | First name |
last | required/optional | Last name |
optional | Email address | |
school | required/optional | Identifier of the school associated with the user. Cannot be updated. |
role | required/optional | Role of the user |
type | required/optional | User's type - one of the following values: “school_admin”, “teacher”, “student”, “parent”, “contact” |
external_id | required/optional | Identifier of the user in the external system (SIS/LMS etc.). Used as a unique user key within a school, which forbids creating accounts with the same external_id value. The external ID cannot be updated. |
grade | optional | Grade of the student (ignored for non “student” user types) - range of values from “-3” to “15” |
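An added example (not Edutone's own code) showing how the claims from the "Structure of JWT" table are assembled, signed, and packed into the POST /oauth/token parameters, together with the receiver-side signature check. It assumes HS256 signing with the shared secret key and a form-encoded request body, neither of which the page specifies; exp follows the page's description (a validity window in seconds), and the client_id, hostname and secret are supplied by the caller.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_claims(client_id, audience, window=300, pid=None, prn=None, now=None):
    """Claims from the 'Structure of JWT' table; pid or prn selects the user."""
    claims = {
        "iss": "oauth.edutone.com",      # fixed value required by the page
        "aud": audience,                 # hostname where the JWT is verified
        "sub": client_id,                # client_id issued by SSO Passport
        "exp": window,                   # assumption: validity window in seconds
        "iat": int(time.time() if now is None else now),
    }
    if pid is not None:
        claims["pid"] = pid
    if prn is not None:
        claims["prn"] = prn
    return claims

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Assumption: HS256 compact serialization; the page names no algorithm."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    tag = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def verify_jwt(token: str, secret: bytes) -> dict:
    """Receiver-side check: pin the algorithm, compare the MAC in constant time."""
    head, body, sig = token.split(".")   # ValueError if not three segments
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def token_request_body(jwt: str) -> str:
    """Form body for POST /oauth/token."""
    return urlencode({"grant_type": "jwt-bearer", "auth_token": jwt})
```

Keep the window short and load the secret key from a secrets store rather than source code, since anyone holding it can mint tokens for any pid or prn.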