Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Member

LTI 1.3 w/ Deep Linking 2.0 - How to sign/encode Tool JWT Payload when using Public JWKS url?


I'm not sure if this falls outside of the scope of discussion of this forum, but I figured someone here might have dealt with a similar issue.

I'm working on a Canvas LTI 1.3 integration, including Deep Linking 2.0. I'm using Google as my OpenId Connect Provider, with their public JWKS here:

When sending the Deep Link JWT payload from the Tool (my dev environment) back to the Platform (Canvas), I need to sign or encode it, but I'm not sure how to go about that with the public JWKS.

So far I've been working with the LTI Reference Implementation ( to follow as an example of what needs to be done, but when trying to recreate the setup with a JWKS similar to what I have with Canvas, I get a "Neither PUB key nor PRIV key:: nested asn1 error". I've searched around for causes for this error but I'm not sure any applies to what I'm trying to do, so I'm a bit lost at the moment.

The Reference Implementation, when using a JWKS, still requires that a public and/or private key is shared between the Tool and Provider, but I don't see any option like that in Canvas (just JWKS) so not sure how the Reference Implementation translates to Canvas.

Any ideas?


0 Kudos
0 Replies