AGS access token is invalid

Jump to solution
Community Member

An LTI 1.3 tool I'm working on posts grades to Canvas through the LTI grading service. For most institutions this works just fine, but two of them are getting this error: Invalid access token field/s: the 'aud' is invalid. I've confirmed that the audience claim matches what is in the Canvas LTI docs. I have other institutions using canvas who's access tokens look similar and they aren't having any issues. Any ideas what is going on?

1 Solution
Community Member

@adrian-rocke were you able to get answer for this issue?  

We have a similar issue. What we've discovered is that the "audience" claim in the access token is compared with the domain used in the lineitem url. And if the two don't match, the access token is flagged as invalid. It's repeatable. I would like to know if there is a way to support canvas sites that use different DNS aliases. Launching from an external LTI 1.3 tool isn't an issue. It's when the external tool tries to post back using the access token that seems to run into this problem.


View solution in original post