Community Member

Unable to generate access token from LTI tool in dev (localhost)

Jump to solution

I am attempting to generate an access token from my LTI tool using the `POST login/oauth2/token` endpoint and the grant_type "client_credentials", but I am unable to get a successful response. I've tried multiple approaches, but the only response I get is a 500 error with the html that makes this page.


I am looking for anyone who may have had a similar problem, or could possibly point me in the right direction.

I have done my best to confirm that I have the correct `client_assertion_type`, `client_assertion`, and `scope`. I'm surprised at the html response, as I would expect the error to come back as json if my request was incorrect. The fact that the error code is a 500 and not in the 4xx range is also troubling, and I'm not sure what I can do to fix an internal server error in Canvas. Here is what my request data looks like

"grant_type": "client_credentials",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"scope": "https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly",
"client_assertion": "the.signed.jwt"

 I tried sending this as url encoded form data, form data, and json, all of which gave the same response of the generic Error html page. I am open to pretty much anything at this point, because without this working I won't be able to have my LTI tool do anything that interesting. Thanks for your help!

Labels (4)
0 Kudos
1 Solution
Community Member

I was able to get this working by manually entering the public key in the Developer Key config. I had it set to use the JWK Url option with the url located at `localhost:3000/etc/etc`, but naturally Canvas is unable to read my public keys off of `localhost` 🤦‍.  I still wish Canvas had returned a JSON error that said "can't access public key", or even just "invalid public key", but I'm just happy I got it working.

NOTE: if you need to switch from Public JWK url to Public JWK, you need to delete the url and then insert your jwk. Otherwise it will default back to the jwk url.


View solution in original post

0 Kudos