Hi all! 👋
Background
I'm new to Canvas LMS and working on integrating it with my tool (a knowledge assessment system) to allow students to take tests relevant to their courses.

What I'm doing
I deployed Canvas in a Docker container and created a new LTI key along with an app in Canvas. My tool is added to an assignment as an external tool, and when I switch to the student view and open the assignment, the tool launches as expected.
Canvas correctly makes a request to the URL I specified as the OpenID Connect Initiation URL. I then redirect this request to login/oauth2/auth, but Canvas responds with the following URL-encoded error:

A requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. The following scopes were requested, but not granted: openid.

It seems that the openid scope is not being granted, despite the tool being properly configured.

Code Implementation
Below is the C# code handling the OpenID Connect launch request:

[HttpPost]
[Route("openid")]
public ActionResult Launch([FromForm] string client_id, [FromForm] string login_hint)
{
    var query = new QueryBuilder
    {
        { "client_id", client_id },
        { "login_hint", login_hint },
        { "redirect_uri", "https://localhost:5000/receive_token" },
        { "response_type", "code" },
        { "scope", "openid" },
        { "state", "some-random-string" },
        { "nonce", "some-random-nonce" },
        { "prompt", "none" }
    }.ToQueryString();

    var redirectUrl = "http://localhost:3001/login/oauth2/auth" + query;
    return Redirect(redirectUrl);
}

Question
How can I resolve this issue and ensure that the openid scope is granted properly? Thanks in advance for any help! 🙌