Structure of Passport’s auth_token's claims

New attributes can be added to JSON response. Client side implementation should not rely on the order of the attributes.

  "sub": "808980",
  "ctx": "personal",
  "roles": [
  "iss": "",
  "client_id": "PTRYQPSEIH",
  "aud": "PTRYQPSEIH",
  "nbf": 1637782955,
  "org_id": 348970,
  "scope": "profile",
  "username": "sslaylock",
  "guid": "ff3801b6-3ac1-345d-7211-6dbe9213a233",
  "exp": 1637784755,
  "iat": 1637782955,
  "jti": "cd4901c9-4ac0-475a-8a59-5dbe9213a00f"
issStringUnique identifier for the entity that issued the JWT
subGuidInternal unique identifier of the user
audStringIdentifies the authorization server as an intended audience. The hostname that processed the request
expIntegerUnix Timestamp at which the JWT expires
iatIntegerUnix Timestamp at which the JWT was issued
districtGuidThe unique id of user’s district in SSO Platform
schoolGuidThe unique id of user’s organization in SSO Platform
typeStringUser's type - one of the following values: “district_admin”, “school_admin”, ”teacher”, ”student”, “contact”
last_modifiedIntegerUnix timestamp when attributes of the user were modified (reserved for future use)