Celebrate Excellence in Education: Nominate Outstanding Educators by April 15!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Community
- Groups
- Canvas Developers Group
- Forum
- LTI 1.3 | JWT Error
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Found this content helpful? Log in or sign up to leave a like!
LTI 1.3 | JWT Error
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-12-2023
11:34 AM
I am trying to add an assignment and submit as an external tool. I have selected the content from the tool, and when I am trying to deeplink, it throws an error, saying
{"errors":{"jwt":[{"attribute":"jwt","type":"JSON::JWK::Set::KidNotFound","message":"JSON::JWK::Set::KidNotFound"},{"attribute":"jwt","type":"JWT verification failure","message":"JWT verification failure"}]}}
So I tried using JWK instead of Url.
{"keys":[{"kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"0Ll6DEpUsvmlHTlKZD_IozrQfRvM3RFoncjMUjxTOsFDI7t2Qx_TrGzqwR3tjfNcbyym5v9SmSbg4-EQ1hr-cSY_NL6bIT8QT-tb4D-ybj7CYJK7JAfaSX3I5kTuhQcKy2pxVtVuXOrm8VZR7ehtqsZH9tvuEXsgjh2IW0GL3MJ0yfhscd_MDu0BbqGxXaaA_Fs2CGMakWLrhLbK6vnxEOwgz1Vf--cA5YN1-qOgMqRMvTfuQIv1qTSTvXZmfRk790zACHOVMjftao2TRxN2PqF9TshRqqGjzQYo1VmDhcDxBKC1iXkjDowk-V7tBmjfIYxs7jDjABmTbzY0ZRxXGw","kid":"b03a385e7a13e4d1aaa1edf86c9fae047b91ec399a1887862e303e47163d651d"}]}
when I try to add this, I am getting an error there as well.
I have attached the screenshot of the error which reads "Type error: Cannot destructure property 'developer_key' of 'e' as it is undefined. %"
Solved! Go to Solution.
1 Solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2023
06:29 PM
So, you're using an array of keys here rather than a single key. If you use this it'll accept the input:
{"kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"0Ll6DEpUsvmlHTlKZD_IozrQfRvM3RFoncjMUjxTOsFDI7t2Qx_TrGzqwR3tjfNcbyym5v9SmSbg4-EQ1hr-cSY_NL6bIT8QT-tb4D-ybj7CYJK7JAfaSX3I5kTuhQcKy2pxVtVuXOrm8VZR7ehtqsZH9tvuEXsgjh2IW0GL3MJ0yfhscd_MDu0BbqGxXaaA_Fs2CGMakWLrhLbK6vnxEOwgz1Vf--cA5YN1-qOgMqRMvTfuQIv1qTSTvXZmfRk790zACHOVMjftao2TRxN2PqF9TshRqqGjzQYo1VmDhcDxBKC1iXkjDowk-V7tBmjfIYxs7jDjABmTbzY0ZRxXGw","kid":"b03a385e7a13e4d1aaa1edf86c9fae047b91ec399a1887862e303e47163d651d"}One interesting thing here though is that after you enter the JWKS and save, the next time you edit the developer key it will revert to Public JWK.
6 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-12-2023
11:44 AM
It looks like you are getting a "KidNotFound" error. Have you checked that your public key endpoint is accessible by Canvas and that its response includes a public key with the same kid value as used in the JWT you sent?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2023
05:11 AM
My public key url is accessible, the output is
{"keys":[{"kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"0Ll6DEpUsvmlHTlKZD_IozrQfRvM3RFoncjMUjxTOsFDI7t2Qx_TrGzqwR3tjfNcbyym5v9SmSbg4-EQ1hr-cSY_NL6bIT8QT-tb4D-ybj7CYJK7JAfaSX3I5kTuhQcKy2pxVtVuXOrm8VZR7ehtqsZH9tvuEXsgjh2IW0GL3MJ0yfhscd_MDu0BbqGxXaaA_Fs2CGMakWLrhLbK6vnxEOwgz1Vf--cA5YN1-qOgMqRMvTfuQIv1qTSTvXZmfRk790zACHOVMjftao2TRxN2PqF9TshRqqGjzQYo1VmDhcDxBKC1iXkjDowk-V7tBmjfIYxs7jDjABmTbzY0ZRxXGw","kid":"b03a385e7a13e4d1aaa1edf86c9fae047b91ec399a1887862e303e47163d651d"}]}
The kid b03a385e7a13e4d1aaa1edf86c9fae047b91ec399a1887862e303e47163d651d is the same in the JWT which I sent.
The url is : https://psc28113.illuminateed.io/qa28113/ltiadvantage/keyset/?p_name=canvas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-30-2023
03:57 PM
Have you got any solution here? I've got the same issue!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2023
07:00 AM
Having this issue as well - KID is absolutely in the header of the JWT and is the correct value.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2023
06:29 PM
So, you're using an array of keys here rather than a single key. If you use this it'll accept the input:
{"kty":"RSA","alg":"RS256","use":"sig","e":"AQAB","n":"0Ll6DEpUsvmlHTlKZD_IozrQfRvM3RFoncjMUjxTOsFDI7t2Qx_TrGzqwR3tjfNcbyym5v9SmSbg4-EQ1hr-cSY_NL6bIT8QT-tb4D-ybj7CYJK7JAfaSX3I5kTuhQcKy2pxVtVuXOrm8VZR7ehtqsZH9tvuEXsgjh2IW0GL3MJ0yfhscd_MDu0BbqGxXaaA_Fs2CGMakWLrhLbK6vnxEOwgz1Vf--cA5YN1-qOgMqRMvTfuQIv1qTSTvXZmfRk790zACHOVMjftao2TRxN2PqF9TshRqqGjzQYo1VmDhcDxBKC1iXkjDowk-V7tBmjfIYxs7jDjABmTbzY0ZRxXGw","kid":"b03a385e7a13e4d1aaa1edf86c9fae047b91ec399a1887862e303e47163d651d"}One interesting thing here though is that after you enter the JWKS and save, the next time you edit the developer key it will revert to Public JWK.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2024
09:12 PM
If the JWK is served by URL, the content type needs to be application/json and response JWT needs to have `kid` in the header (which does not seem to be needed if the JWK is embedded in the developer key).
Community Help
View our top guides and resources:
Find My Canvas URL Help Logging into Canvas Generate a Pairing Code Canvas Browser and Computer Requirements Change Canvas Notification Settings Submit a Peer Review AssignmentTo participate in the Instructure Community, you need to sign up or log in:
Sign In