Community Member

LTI 1.3 Deep Linking Response Error "Client not found"

Jump to solution

I am trying to enable Deep Linking with my LTI 1.3 Tool, and keep getting this same error no matter what I change. Canvas is able to successfully launch the iframe from the assignment selection placement, complete the OIDC flow, and sends the LtiDeepLinkingRequest. After clicking on a resource for deep linking, a JWT is generated and signed on the server, added to a form on the page, and submitted. Each time I see the following error:

{"errors":{"jwt":[{"attribute":"jwt","type":"Client not found","message":"Client not found"}]}}


I have created an LTI Key with my admin Canvas account with the Public JWK specified there. Then I sign into an Instructor account to use the LTI 1.3 for deep linking while creating a new assignment.

The JWT is being signed by the Private JWK that corresponds to the Public JWK configured in the LTI Key (same "kid").

Here is the form on the page that is being submitted:

<form id="form" method="post" action="${redirect_url}" style="display: none;">
    <input id="id_jwt" name="JWT" required>


And here's the JWT that is sent via form POST to Canvas through the "deep_link_return_url" from the "https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings":

  "header": {
  "payload": {
    "https://purl.imsglobal.org/spec/lti/claim/deployment_id": "286:9d215328b9385094cdaa191d322ee2edc151b521",
    "https://purl.imsglobal.org/spec/lti/claim/message_type": "LtiDeepLinkingResponse",
      "title":"HTML Basics",
      "text":"HTML Basics",


I followed all the documentation here: https://www.imsglobal.org/spec/lti-dl/v2p0#lti-resource-link

I am stuck and have no idea what the "Client not found" error is related to. The client ID is included in the "azp" and "sub" fields. Following this same format of signed JWT has worked for the Grade Passback feature of LTI 1.3.

Please share if you have any ideas or possible fixes.

0 Kudos
1 Solution
Community Member

The solution to this problem was that the iss claim for the Tool JWT needs to be the Client ID, which is the same value from the azp claim in the "LtiDeepLinkingRequest" from the platform.

In the documentation, the iss and azp are the same value, I should have caught on to that. It's also in these docs: https://www.imsglobal.org/spec/security/v1p0/#tool-jwt

View solution in original post

0 Kudos