I'm trying to connect our LTI Advantage app (ChemVantage) in Canvas. Registration seemed to go fine. ChemVantage supports a JWKS server, so the configuration JSON specified the public_jwk_url parameter, not a static key. I can see the app deployed at the course level. However, when creating an assignment using Deep Linking, Canvas throws an error when the app submits the JWT containing the LtiDeepLinkingResponse message. The Canvas error message JSON looks like:
"type": "JWT verification failure",
"message": "JWT verification failure"
which appears to say that Canvas could not find the RSA key id in the JWT header. I verified that the proper kid is included in the header, and ChemVantage passes the Deep Linking tests in the LTI Advantage certification suite.
So I'm wondering if anyone can suggest what Canvas might be expecting here that I am not providing?