Canvas JWK Private Key for OAuth
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi!
I'm working on generating an access token in order to utilize the LTI 1.3 Advantage Services, but I'm a bit confused about one aspect of this grant flow and I'm hoping someone can provide some clarity. As described under 'Step 2: Request an access token' here:
https://canvas.instructure.com/doc/api/file.oauth.html#developer-key-setup
I'm trying to 'request an LTi access token using the client_credentials grant'. The link takes me here:
https://canvas.instructure.com/doc/api/file.oauth_endpoints.html#post-login-oauth2-token
Where the instructions state that I must create a request which is 'signed by an RSA256 private key with a public key that is configured on the developer key…'. The problem is, I can't figure out how to access the private key or use it to sign my request. I can create a JWT and an algorithm without issue, and the code looks like this:
myUrl = "https://canvas.test.instructure.com/api/lti/security/jwks";
JwkProvider provider = new UrlJwkProvider(new URL(myUrl));
Jwk jwk2 = provider.get(decodedJWT.getKeyId());
Algorithm algorithm2 = Algorithm.RSA256((RSAPublicKey) jwk2.getPublicKey(), null);
claimToken = JWT.create() .withAudience("https://"+CanvasApi.getCanvasURL()+"/login/oauth2/token") .withSubject(audComp)
.withIssuedAt(jwtDate)
.withIssuer(ltiURL)
.sign(algorithm2);
The problem seems to be that I can't create an algorithm for signing a JWT without a private key, and I can't figure out how to access the private key from the Public JWK found at https://canvas.test.instructure.com/api/lti/security/jwks .
Can anyone please explain to me how I am supposed to use the JWK private key to sign my request for the grant_type 'client_credentials'?
( I should mention that I did try sending along the same JWT I received during step three of the LTI launch (as described here: https://canvas.instructure.com/doc/api/file.lti_dev_key_config.html#step-3 ), but the values for 'sub' and 'aud' were not correct. )
I suspect that I'm missing something obvious here, so please feel free to reply with any tips or hints that might be relevant.
Thanks!
-David
Solved! Go to Solution.
