cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DannyHarding
Community Member

Unable to generate access token from LTI tool in dev (localhost)

Jump to solution

I am attempting to generate an access token from my LTI tool using the `POST login/oauth2/token` endpoint and the grant_type "client_credentials", but I am unable to get a successful response. I've tried multiple approaches, but the only response I get is a 500 error with the html that makes this page.

DannyHarding_0-1629380644571.png

I am looking for anyone who may have had a similar problem, or could possibly point me in the right direction.

I have done my best to confirm that I have the correct `client_assertion_type`, `client_assertion`, and `scope`. I'm surprised at the html response, as I would expect the error to come back as json if my request was incorrect. The fact that the error code is a 500 and not in the 4xx range is also troubling, and I'm not sure what I can do to fix an internal server error in Canvas. Here is what my request data looks like

{
"grant_type": "client_credentials",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"scope": "https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly",
"client_assertion": "the.signed.jwt"
}

 I tried sending this as url encoded form data, form data, and json, all of which gave the same response of the generic Error html page. I am open to pretty much anything at this point, because without this working I won't be able to have my LTI tool do anything that interesting. Thanks for your help!

Labels (4)
0 Kudos
1 Solution

Accepted Solutions
DannyHarding
Community Member

I was able to get this working by manually entering the public key in the Developer Key config. I had it set to use the JWK Url option with the url located at `localhost:3000/etc/etc`, but naturally Canvas is unable to read my public keys off of `localhost` 🤦‍.  I still wish Canvas had returned a JSON error that said "can't access public key", or even just "invalid public key", but I'm just happy I got it working.

NOTE: if you need to switch from Public JWK url to Public JWK, you need to delete the url and then insert your jwk. Otherwise it will default back to the jwk url.

 

View solution in original post

0 Kudos
2 Replies
DannyHarding
Community Member

I was able to get this working by manually entering the public key in the Developer Key config. I had it set to use the JWK Url option with the url located at `localhost:3000/etc/etc`, but naturally Canvas is unable to read my public keys off of `localhost` 🤦‍.  I still wish Canvas had returned a JSON error that said "can't access public key", or even just "invalid public key", but I'm just happy I got it working.

NOTE: if you need to switch from Public JWK url to Public JWK, you need to delete the url and then insert your jwk. Otherwise it will default back to the jwk url.

 

View solution in original post

0 Kudos
matthew_buckett
Community Contributor

@DannyHarding I has a similar experience of getting the LTI Advantage APIs working, the error messages are not very helpful and it would be really useful if it gave you some more debugging information about what was wrong.

I hit the same bug of needing to delete the URL first which is completely unintuitive. I wish Instructure would fix this so more people don't run into it.