Access & Security
      Back to home
      1. Help Center
      2. Profile & Administering
      3. Access & Security

      Parent Portal: Create an Invitation Link via JWT Token

      Generate a JWT token-based account setup link for parents to use their Passport Portal credentials instead of Google or Facebook.

      Audience: ✅District Admin 

      In this article

      Before you begin

      Step 1. Request OAuth API credentials

      Step 2. Create a JWT token

      Step 3. Create a link

      If parents in your district have requested the ability to use their Passport Portal credentials instead of logging in with Google or Facebook, you will need to generate a JWT token-based account setup link and send it to them.

      JWT (JSON Web Token) is a widely used method for secure user authentication in web applications. This article guides you in generating a JWT token for a user to authenticate to the Parent Portal with their School Passport credentials. JWT token consists of three parts:

      • Header: Сontains metadata about the token, such as the algorithm used for signing.
      • Payload: Сontains the claims or the JSON object.
      • Signature: Ensures the token's integrity and verifies it hasn't been falsified.

      To learn more about a JWT token structure, see JSON Web Signature (JWS).

      Encoding a JWT token produces representation in this order Header.Payload.Signature separated with period ('.') characters. JWT encoding example:

      eyJhbGciJIUzIR6IkpXVCJ9.eyJzdWIiOiIF0IjTE2MjM5MDIfQ.SflKxwRJSMedsw5c

      Before you begin

      Sync parents' data. This ensures that all relevant information is up-to-date.

      Step 1. Request OAuth API credentials

      To generate a JWT token, required OAuth API user credentials, such as Client ID and Client Secret. To obtain these credentials, please contact GG4L Support and request them.

      Step 2. Create a JWT token

      1. Access jwt.io debugger.
      2. On the Algorithm, select HS256.
        JWT_Choose Algorithm
      3. In the Payload add Client ID, Contact‌ GUID, and‌ expiration time and ‌issued‌ time of ‌JWT‌ token.
        JWT_Edit Payload
        The following code shows an example of JWT Payload. 
         
        ‌{‌ ‌

        "iss":‌ ‌"jwtp.gg4l.com",‌ ‌
        "sub":‌ ‌"contact_setup_test",‌ 
        "exp":‌ ‌1590678063,‌
        "iat":‌ ‌1590660063,‌
        "guid":‌ ‌"50a5374f-2108-4a60-b7eb-ab9fb5cd094a"‌
        }‌
          • iss  (“Issuer”): The issuer of the claim used to identify the application. Use “jwtp.gg4l.com”.
          • sub: Client ID. 
          • exp ("Expiration"): The timestamp when the token stops being valid, specified as seconds since 00:00:00 UTC, January 1, 1970. The maximum lifetime of a token is 24 hours.
        • iat (“Issued At”): The timestamp when the token was created, specified as seconds since 00:00:00 UTC, January 1, 1970.
        • guid: Contact`s GUID.
      4. In the Verify signature, enter Client Secret.
        JWT_Edit Signature

      Your encoded JWT token is successfully generated.

      Step 3. Create a link

      After creating a JWT token, proceed to modify it to a URL. To do so, select and copy the encoded JWT token and append it to the following URL:

      https://sso.gg4l.com/contact/setup?t= 

      For example:

      https://sso.gg4l.com/contact/setup?t=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJqd3RwLmdnNGwuY29tIiwic3ViIjoiY29udGFjdF9zZXR1cF90ZXN0IiwiZXhwIjoxNjc2MDQxNTEyLCJpYXQiOjE2NzU5NTUxMTIsImd1aWQiOiIyZTQ5NzE1My02NzczLTRhNTItOWNmMS1hNjM5MzJmNjExZWQifQ.WStKiPFmtMQkQWuADksF7kQqJFAir0HQb5Ozc99qxkQ

      Please send a resulting URL to a parent/guardian so that they can configure their Parent Portal account.

      See also

      What is Parent Portal?

      Sign in to Parent Portal

      Navigate the Parent Portal Dashboard

      Activate Parent Portal for Your Organization