Community Help

DannyHarding · ‎08-19-2021

I am attempting to generate an access token from my LTI tool using the `POST login/oauth2/token` endpoint and the grant_type "client_credentials", but I am unable to get a successful response. I've tried multiple approaches, but the only response I get is a 500 error with the html that makes this page.

I am looking for anyone who may have had a similar problem, or could possibly point me in the right direction.

I have done my best to confirm that I have the correct `client_assertion_type`, `client_assertion`, and `scope`. I'm surprised at the html response, as I would expect the error to come back as json if my request was incorrect. The fact that the error code is a 500 and not in the 4xx range is also troubling, and I'm not sure what I can do to fix an internal server error in Canvas. Here is what my request data looks like

{
   "grant_type": "client_credentials",
   "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
   "scope": "https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly",
   "client_assertion": "the.signed.jwt"
}

I tried sending this as url encoded form data, form data, and json, all of which gave the same response of the generic Error html page. I am open to pretty much anything at this point, because without this working I won't be able to have my LTI tool do anything that interesting. Thanks for your help!

DannyHarding · ‎08-19-2021

I was able to get this working by manually entering the public key in the Developer Key config. I had it set to use the JWK Url option with the url located at `localhost:3000/etc/etc`, but naturally Canvas is unable to read my public keys off of `localhost` 🤦‍. I still wish Canvas had returned a JSON error that said "can't access public key", or even just "invalid public key", but I'm just happy I got it working.

NOTE: if you need to switch from Public JWK url to Public JWK, you need to delete the url and then insert your jwk. Otherwise it will default back to the jwk url.

View solution in original post

DannyHarding · ‎08-19-2021

I was able to get this working by manually entering the public key in the Developer Key config. I had it set to use the JWK Url option with the url located at `localhost:3000/etc/etc`, but naturally Canvas is unable to read my public keys off of `localhost` 🤦‍. I still wish Canvas had returned a JSON error that said "can't access public key", or even just "invalid public key", but I'm just happy I got it working.

NOTE: if you need to switch from Public JWK url to Public JWK, you need to delete the url and then insert your jwk. Otherwise it will default back to the jwk url.

matthew_buckett · ‎08-23-2021

@DannyHarding I has a similar experience of getting the LTI Advantage APIs working, the error messages are not very helpful and it would be really useful if it gave you some more debugging information about what was wrong.

I hit the same bug of needing to delete the URL first which is completely unintuitive. I wish Instructure would fix this so more people don't run into it.

Unable to generate access token from LTI tool in dev (localhost)

access tokens

API

LTI

tool provider

Current graded by

Item limit on "Add to Module" dialog box and solut...

How to enable Upload/Recording Media option to tak...

outh2 flow token generation

Acceder a la

Current graded by

If I have a Course ID, Quiz ID and a Question ID c...

How can I access previous year data using canvas L...

For new LTI tool - XML or JSON? Which is preferred...

Item limit on "Add to Module" dialog box and solut...

You're signed out

Unable to generate access token from LTI tool in dev (localhost)

Community Help

View our top guides and resources: