JWKS Format

jrpburgos
Community Member

I wanted to know what format should the output be from a Public JWKS Url (from a Tool provider) that is used in LTI 1.3?

This is what we are sending out in our public url

{
"keys": [
{
"kid": "PKOegFlbTOO7tlr2UQpcO7R3xEFysVPkoA6WjF-l5To",
"kty": "RSA",
"e": "AQAB",
"n": "1Yh9NPQdVKgDwEN8jtlXq-1RhfqhKZ9qQAQTPrmrEJRJvzoHqPPi8W5Jh8-_fGX6rEzmttWdcTGU-dJCEUlXvnC2YXypf4HyQ9o2iEWBfYNWeBum6ti0Vuttetpszc9uwcE4z9wJXz7ejMqunn_PvJLmp7m9Ccap9gHNgB1Kr0wMIzYIApsMdmvcKSwdMoxWGTWgMDlHtbO8ea3FPW4W0kZPyv-WvngoxD5YIvfxo5_3vAVRRLSY--gUQ0WJ6yg8aKcdwF-mqVJgVAPvP6_xubpmf0dGCwzv0nhOF6OjpDQKRYRbzg_uU7ZWnRwBg6SslzdNBTZlnn_qCDYzI4_xBQ",
"alg": "RS256",
"use": "sig"
}
]
}

But this gets an JWK invalid key error message when I request a token for AGS. I checked (and re-checked) the format and the values against JWT.IO, generated a JWKS from mkjwk.org and used that. And it just gets an error.

The only way I could get a token was to take the single key out of the keyset and paste it into the Public JWK field in the developer key. Which lead me to believe that Canvas is looking for a particular format of the JWKS. Can someone please show me what that format is supposed to be?

And also there is a bug in creating the Developer key for an LTI app. Once you enter a value for the Public JWK URL it can't be replace with a Public JWK value. You have to delete the Dev Key and start over.

Users who also had this question