matthew_buckett
Community Contributor

Some things I've run into in the past with JWK URLs:

  • The content-type header on your JWK URL, you have `application/json` which is known to work. Some RFCs state that `application/jwk-set+json` should also work but there have been reports of this being broken in the past (I'm not sure if it's fixed now).
  • That you are adding a `kid` claim when creating your signed JWT. I think that when you upload a single JWK to Canvas it doesn't require you to set a `kid` claim in your JWT, but as soon as you switch to a JWK set (which can contain multiple JWKs) it refuses to verify the JWT unless it has a matching `kid` claim. I think this is the most likely problem.
  • That the developer key values are correctly updating when saving. There used to be a bug where some JWK values didn't save correctly, and if you still had a JWK URL set when you pasted in a JWK key it would continue to use the URL. This was really confusing when I was testing things, but the "fix" used to be to clear out the URL before switching the dropdown. I don't think this is the issue you're seeing, but it might not be helping with debugging.
  • That the URL is accessible to Canvas. 

What error are you getting back from Canvas?

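A local pre-check for the `kid` point raised in the post above, as an added example that is not part of the original post and is not Canvas code. It only checks whether the `kid` value in a JWT's header selects exactly one key in a JWK set (no signature verification); the function names, the sample key IDs and the sample JWK set are constructed for illustration.

```python
import base64
import json

# Constructed sample JWK set; the "n" values are placeholders, not real moduli.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "key-2024", "alg": "RS256", "e": "AQAB", "n": "placeholder"},
    {"kty": "RSA", "kid": "key-2025", "alg": "RS256", "e": "AQAB", "n": "placeholder"},
]})

def b64url_decode(segment: str) -> bytes:
    # JWTs use unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_jwt(header: dict) -> str:
    # Builds a constructed token with a dummy signature, for testing the check only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'iss': 'example-tool'})}.c2ln"

def check_kid(jwt: str, jwks_body: str) -> str:
    """Diagnose how the JWT header's kid relates to the keys in a JWK set."""
    parts = jwt.split(".")
    if len(parts) != 3:
        return "not a compact JWS (expected 3 dot-separated parts)"
    header = json.loads(b64url_decode(parts[0]))
    keys = json.loads(jwks_body).get("keys")
    if not isinstance(keys, list) or not keys:
        return "JWK set has no 'keys' array"
    kid = header.get("kid")
    if kid is None:
        return "JWT header has no kid; cannot select a key from a set"
    matches = [k for k in keys if k.get("kid") == kid]
    if not matches:
        return f"no key with kid {kid!r}; set contains {[k.get('kid') for k in keys]}"
    if len(matches) > 1:
        return f"kid {kid!r} is ambiguous: {len(matches)} keys share it"
    key = matches[0]
    # A JWK may pin an algorithm; a mismatch with the JWT header is worth flagging.
    if "alg" in key and key["alg"] != header.get("alg"):
        return f"kid matches but alg differs: JWT {header.get('alg')!r}, JWK {key['alg']!r}"
    return "ok"

if __name__ == "__main__":
    print(check_kid(make_sample_jwt({"alg": "RS256", "kid": "key-2024"}), SAMPLE_JWKS))
    print(check_kid(make_sample_jwt({"alg": "RS256"}), SAMPLE_JWKS))
```

Pass the JWT your tool actually sends and the body returned by your JWK URL to `check_kid` to rule this cause in or out before looking at the other items.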