[problem] open source canvas connect to leganto
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi everone:
our library wants to connect Leganto to canvas(open source ver.).
now all setting seems to well, but it's still not work.
we found two problems:
1. In this link:
https://cool-testing.dlc.ntu.edu.tw/api/lti/security/jwks
you can see the value of the ‘n’ parameter is 86 characters:
And also, the ‘alg’ parameter is missing.
When I compare it to another Canvas (https://canvas.instructure.com/api/lti/security/jwks) I can see that the length of the ‘n’ parameter is 342 characters and there is the ‘alg’ parameter.
2. In the reading list,when we open the leganto link, there is the error message:
" Failed LTI 1.3 validation: Invalid token: The verification key's size is 512 bits which is not secure enough for the RS256 algorithm. The JWT JWA Specification (RFC 7518, Section 3.3) states that keys used with RS256 MUST have a size >= 2048 bits. Consider using the io.jsonwebtoken.security.Keys class's 'keyPairFor(SignatureAlgorithm.RS256)' method to create a key pair guaranteed to be secure enough for RS256. See https://tools.ietf.org/html/rfc7518#section-3.3 for more information. JWT: null "
Could this "RS256 MUST have a size >= 2048 bits." be set in Canvas?
Above all, , Are the two error differences between open source ver. and official ver. ?
thank you !