LTI 1.3 : What to do with the id_token in Step 4

glparker
Community Champion

I've setting up a hello world LTI 1.3 ,and I've got it working to the point that I'm getting back what appears to be a valid 

id_token

I can take this id_token, and paste it into https://jwt.io/ and I can see expected results.

What I can't figure out is what jwt.io is doing to decode/decrypt this id-token.   The docs say
https://canvas.instructure.com/doc/api/file.lti_dev_key_config.html

But the linked docs don't say "How" to perform this verification.    

What is the workflow for decoding and validating the id_token once we've gotten it?

0 Likes