Hi all,
I've been researching the capability within IRIS for Health OAuth2 machine-to-machine authentication. IRIS is the client in this case. 
Specifically, the idea is to build JWT claims, sign with a private key and then send a POST request as a client assertion to receive a bearer token. The bearer token would then be used in a subsequent request.
I've learnt one way to do this (described below) . Leaving out any concern about attaching the client_assertion, token caching etc. and focusing on just creating a signed-JWT.