I'm trying to build an app that automatically tests user marks and sends emails for some users based on their marks. For that, I need to use the Web Hooks Subscriptions API and as stated in that document I have to use the JWT authentication. For that, I started testing method 2.0 mentioned in the JWT Access Tokens for LTI2 Tools document. But I'm facing few issues.

1. To create a signed JWT in need following data:

my_jwt = {
  "sub": "123123-ad13-ac233", // tool proxy guid
  "aud": "https://my.canvas-domain.com/api/lti/accounts/1/authorize", // authorization URL used for authorization request
  "exp": 1486393868, // expiration time
  "iat": 1486393800, // issued at
  "jti": "688700c2-4bc1-40b7-83e5-7cbf54f93305" // Random UUID for request
}

But it is not clear what is "tool proxy grid"

2. I tried authorization code with test dummy values for above as follows:

const data = {
    jti: '688700c2-4bc1-40b7-83e5-7cbf54f93305',
}

const token = jwt.sign(data, 'my-secret',{
    algorithm: 'HS256',
    expiresIn: '1h',
    audience: '<my-custom-canvas-instance-url>/api/lti/accounts/1/authorize', // authorization URL used for authorization request
    subject: '123123-ad13-ac233', // tool proxy guid
});

try {
    const apiResp = await axios({
        method: 'post',
        url: '<my-custom-canvas-instance-url>/api/lti/accounts/1/authorize',
        data: {
            grant_type: 'authorization_code',
            assertion: token,
        },
    });
    console.log('apiResp : ', apiResp);
    return res.status(200).send({ apiResp });
} catch (err) {
    console.log('Something went wrong. Error : ', err.response.data.error);
    return res.status(500).send({ error: err.response.data.error });
}

But it gives me an error saying "invalid_grant", So what should be the correct grant type?

3. For signing the above jwt token, what secret should I use, and where can I get it? 
> 'my-secret' in the above code snippet.

I'm quite new to this domain and please help me. Thanks.