Service Level Authorization

Where an application needs to obtain an access_token without user interaction, it should provide a signed JWT (http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-07).

Endpoint

POST /oauth/token

Parameters

| Parameter | Mode | Type | Description |
|---|---|---|---|
| auth_token | required | String | The signed JWT |
| grant_type | required | String | Must be “jwt-bearer” |

Structure of JWT

| Field | Mode | Description |
|---|---|---|
| iss | required | The issuer of the secret key. Must be "oauth.edutone.com" |
| aud | required | The hostname where the JWT will be verified |
| sub | required | The client_id issued for the secret key by SSO Passport |
| exp | required | The time window, in seconds, during which the token is valid |
| iat | required | The time, in seconds since 1 Jan 1970 GMT, when the JWT was created |
| pid | required/optional* | The identifier of the user in SSO Passport for whom the access_token is to be created. Should be provided for an existing user when the prn value is not provided. |
| prn | required/optional* | The email of the user for whom the access_token is to be created. Should be provided for an existing user when the pid value is not provided. |

* The following fields must be filled in to create an account (if pid/prn aren’t provided) or update one (if pid/prn are provided) on the fly. For account creation, all the “required” fields must be present; otherwise a non-personalized access_token is granted. For an account update, only new (non-empty) field values must be provided.

| Field | Mode | Description |
|---|---|---|
| first | required/optional | First name |
| last | required/optional | Last name |
| email | optional | Email address |
| school | required/optional | Identifier of the school associated with the user. Cannot be updated. |
| role | required/optional | Role of the user |
| type | required/optional | User's type, one of the following values: “school_admin”, “teacher”, “student”, “parent”, “contact” |
| external_id | required/optional | Identifier of the user in the external system (SIS/LMS etc.). Used as the user’s unique key within a school, so accounts with the same external_id value cannot be created. The external ID cannot be updated. |
| grade | optional | Grade of the student (ignored for non-“student” user types), with values ranging from “-3” to “15” |
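
The request described above, as an added example that is not part of the original documentation: it validates the claim set against the tables, signs it, and builds the POST /oauth/token body. Assumptions: HS256 (HMAC-SHA256) signing with the issued secret key, form-encoded request parameters, and the constructed placeholder values for client_id, audience, secret and user email; `exp` is set the way this page describes it.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

USER_TYPES = {"school_admin", "teacher", "student", "parent", "contact"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_claims(client_id, audience, window=300, now=None, **user):
    """Assemble the claim set from the tables above, rejecting bad values early."""
    if "type" in user and user["type"] not in USER_TYPES:
        raise ValueError("type must be one of %s" % sorted(USER_TYPES))
    if "grade" in user and not -3 <= int(user["grade"]) <= 15:
        raise ValueError("grade must be between -3 and 15")
    claims = {
        "iss": "oauth.edutone.com",
        "aud": audience,
        "sub": client_id,
        "exp": window,  # per this page: validity window in seconds; keep it short
        "iat": int(time.time() if now is None else now),
    }
    # Only non-empty user fields are sent (pid/prn and the account fields).
    claims.update({k: v for k, v in user.items() if v not in (None, "")})
    return claims

def sign_jwt(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}  # assumption: HMAC-SHA256 signing
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_jwt(token: str, secret: bytes) -> dict:
    """Local self-check: recompute the HMAC and return the claims if it matches."""
    signing_input, _, sig = token.rpartition(".")
    expected = b64url(hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        raise ValueError("signature mismatch")
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def token_request_body(jwt: str) -> str:
    # Assumption: parameters are sent form-encoded in the POST /oauth/token body.
    return urlencode({"grant_type": "jwt-bearer", "auth_token": jwt})

if __name__ == "__main__":
    claims = build_claims("CLIENT_ID_PLACEHOLDER", "sso.example.org", prn="teacher@example.org")
    print(token_request_body(sign_jwt(claims, b"constructed-demo-secret")))
```

Keep the secret key out of source control and client-side code; anyone holding it can mint a JWT for any pid or prn under that client_id.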