The Instructure Community is in read-only mode as we prepare to migrate to our new Community platform in early December.
Community members cannot post or update content in the Community during this time. All content is still available to view.
Read our blog post for more info about this change.Found this content helpful? Log in or sign up to leave a like!
Hello,
I'm attempting to implement LTI 1.3 as a tool provider and I'm developing against canvas. I've stumbled upon an issue that I've been trying to resolve for a while now, and I can't find any solutions. The issue I have has been mentioned in both of these threads 1 2; however, neither thread provides a solution.
For brevity, I'm only showing a partial part of the error in the error report
Category: JSON::JWK::UnknownAlgorithm
Unknown Key Type
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/json-jwt-1.11.0/lib/json/jwk.rb:49:in `to_key'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/json-jwt-1.11.0/lib/json/jose.rb:25:in `with_jwk_support'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/json-jwt-1.11.0/lib/json/jws.rb:106:in `sign'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/json-jwt-1.11.0/lib/json/jws.rb:17:in `sign!'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/json-jwt-1.11.0/lib/json/jwt.rb:35:in `sign'
/opt/bitnami/apps/canvaslms/htdocs/gems/lti-advantage/lib/lti_advantage/messages/jwt_message.rb:67:in `create_jws'
/opt/bitnami/apps/canvaslms/htdocs/lib/lti/messages/jwt_message.rb:36:in `generate_id_token'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/lti/ims/authentication_controller.rb:121:in `id_token'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/lti/ims/authentication_controller.rb:56:in `authorize'I have triple checked to make sure that lti_message_hint and login_hint are being passed to canvas properly, and my JWK key is fine (though as far if I understand correctly the tool's JWK key is not necessary for this step).
I've got a self-hosted cloud instance of canvas. I can provide more information of the environment if necessary.
I really appreciate any help at all.
Solved! Go to Solution.
After many days of frustration, I found the solution. Hope this helps someone, especially since large part of my frustration was seeing people with the same problem as me in this forum who never posted how they solved their problem.
Anyhow, the answer to this problem was incorrectly configured environments. For context, I tried this on four different environments. The quick-start development, the quick-start production, bitnami (cloud), and IONOS.
Here's a rundown of each one:
If any canvas developers see this, please do me a favor and update the quick-start guides to avoid this issue. On the development quick-start, please mention that redis is necessary for OAuth to work, since somebody who is developing will go straight to the development quick-start and will not have this information. And in the production quick-start, please note that LTI won't work without reconfiguring dynamic_settings.yml, and maybe add the production example so that it can work straight out of the box by copying dynamic_settings.yml.example.
At the very least, anybody with this issue will hopefully stumble upon this thread and I sincerely hope it helps.
FWIW, this solution worked for me as well.
If you are using Bitnami I suggest restarting services after making the change, or to be safe, just restart the whole box:
sudo /opt/bitnami/ctlscript.sh restart
It seems my canvas environment has trouble with web tokens in general. If I try to access the /api/lti/security/jwks endpoint to get the canvas public keys I get another 500 (different error though).
After many days of frustration, I found the solution. Hope this helps someone, especially since large part of my frustration was seeing people with the same problem as me in this forum who never posted how they solved their problem.
Anyhow, the answer to this problem was incorrectly configured environments. For context, I tried this on four different environments. The quick-start development, the quick-start production, bitnami (cloud), and IONOS.
Here's a rundown of each one:
If any canvas developers see this, please do me a favor and update the quick-start guides to avoid this issue. On the development quick-start, please mention that redis is necessary for OAuth to work, since somebody who is developing will go straight to the development quick-start and will not have this information. And in the production quick-start, please note that LTI won't work without reconfiguring dynamic_settings.yml, and maybe add the production example so that it can work straight out of the box by copying dynamic_settings.yml.example.
At the very least, anybody with this issue will hopefully stumble upon this thread and I sincerely hope it helps.
Thank you so much for your post here. Was getting the below error and there was no clue in the documentation. It's so frustrating to see that Canvas is so lousy to even mention this step in their production guide here that you have to change this dynamic_settings.yml file and replace 'development' with 'production'.
There are so many more imp steps that they haven't bothered to mention in their guide. Really disappointing but Thank you for compensating for their lack of work through this post.
[CANVAS_ERRORS] EXCEPTION LOG
NoMethodError (undefined method `sign' for nil: NilClass
private_key.sign digest, signature_base_string
^^^^^):
/canvas/vendor/bundle/ruby/3.1.0/gems/json-jwt-1.13.0/lib/json/jws.rb:107:in `sign'
Thank you! You saved us a lot of time and trouble!
FWIW, this solution worked for me as well.
If you are using Bitnami I suggest restarting services after making the change, or to be safe, just restart the whole box:
sudo /opt/bitnami/ctlscript.sh restart
With a big chance of me missing something: How are the private keys used to generate jwt generate public keys in dynamic_settings.yml stored? I have extracted the private one and put in the jwt in the dynamic_settings file using rails console (mentioned here https://github.com/instructure/canvas-lms/blob/master/config/dynamic_settings.yml.example#L109) , but there is no hint of where to put the private part. Only mention of private key in code is a saml key, and that have to be the wrong one.
Hi May I know where to find the dynamic_settings.yml file in the server?
The dynamic_settings.yml file should be found in the config directory.
I had change the dynamic_settings.yml at this path "/opt/bitnami/apps/canvaslms/htdocs/config",but now my whole canvas have 504 Gateway error.
I just change the development section to production.
I had restart the server.
Community helpTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign inTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in
