Parent Portal: Create an Invitation Link via JWT Token

Generate a JWT token-based account setup link for parents to use their Passport Portal credentials instead of Google or Facebook.

Audience: ✅District Admin 

If parents in your district have requested the ability to use their Passport Portal credentials instead of logging in with Google or Facebook, you will need to generate a JWT token-based account setup link and send it to them.

JWT (JSON Web Token) is a widely used method for secure user authentication in web applications. This article guides you in generating a JWT token for a user to authenticate to the Parent Portal with their School Passport credentials. JWT token consists of three parts:

  • Header: Сontains metadata about the token, such as the algorithm used for signing.
  • Payload: Сontains the claims or the JSON object.
  • Signature: Ensures the token's integrity and verifies it hasn't been falsified.

To learn more about a JWT token structure, see JSON Web Signature (JWS).

Encoding a JWT token produces representation in this order Header.Payload.Signature separated with period ('.') characters. JWT encoding example:


Before you begin

Sync parents' data. This ensures that all relevant information is up-to-date.

Step 1. Request OAuth API credentials

To generate a JWT token, required OAuth API user credentials, such as Client ID and Client Secret. To obtain these credentials, please contact GG4L Support and request them.

Step 2. Create a JWT token

  1. Access debugger.
  2. On the Algorithm, select HS256.
    JWT_Choose Algorithm
  3. In the Payload add Client ID, Contact‌ GUID, and‌ expiration time and ‌issued‌ time of ‌JWT‌ token.
    JWT_Edit Payload
    The following code shows an example of JWT Payload. 
    ‌{‌ ‌

    "iss":‌ ‌"",‌ ‌
    "sub":‌ ‌"contact_setup_test",‌
    "exp":‌ ‌1590678063,‌
    "iat":‌ ‌1590660063,‌
    "guid":‌ ‌"50a5374f-2108-4a60-b7eb-ab9fb5cd094a"‌
      • iss  (“Issuer”): The issuer of the claim used to identify the application. Use “”.
      • sub: Client ID. 
      • exp ("Expiration"): The timestamp when the token stops being valid, specified as seconds since 00:00:00 UTC, January 1, 1970. The maximum lifetime of a token is 24 hours.
    • iat (“Issued At”): The timestamp when the token was created, specified as seconds since 00:00:00 UTC, January 1, 1970.
    • guid: Contact`s GUID.
  4. In the Verify signature, enter Client Secret.
    JWT_Edit Signature

Your encoded JWT token is successfully generated.

Step 3. Create a link

After creating a JWT token, proceed to modify it to a URL. To do so, select and copy the encoded JWT token and append it to the following URL: 

For example:

Please send a resulting URL to a parent/guardian so that they can configure their Parent Portal account.

See also

What is Parent Portal?

Sign in to Parent Portal

Navigate the Parent Portal Dashboard

Activate Parent Portal for Your Organization