Error in Assignment page using LTI external tool - CanvasSecurity::InvalidJwtKey


David Grey

Sep 21, 2021, 7:42:21 AM
to Canvas LMS Users
We have a self-hosted Canvas instance which has an LTI integration with a 3rd party e-portfolio tool. The tool integrates into the Course menu, the RCE and as an external tool for assignments. 

Our setup has been working flawlessly for 2 years but we upgraded our Canvas server 3 months ago and an issue has now come to light. If anyone tries to view an assignment page which uses this LTI external tool, they receive a page error. Teachers can edit the assignment but cannot view it - they get the same page error. 

Looking at the Canvas logs we see the following (excerpt) whenever someone tries to view an assignment page:
[a3b00517412eb3c2782fd383fbdeeafe c2ea5e1b-766c-44dd-93f0-ac4a1dadbedb] [STAT] 1131204 1131204 0 1131204 0.04399999999999693 0.0040000000000000036
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] Started GET "/courses/95/assignments/75" for 80.229.17.254 at 2021-09-17 14:05:55 +0000
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] Processing by AssignmentsController#show as HTML
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38]   Parameters: {"course_id"=>"95", "id"=>"75"}
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] [AUTH] Approved Authlogic session
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] [AUTH] inital load: pseud -> 58, user -> 139
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] [AUTH] final user: 139
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] init @js_env (27.4ms)
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] setup_live_events_context (1.4ms)
[a3b00517412eb3c2782fd383fbdeeafe ac58fcdd-5ff9-4aab-a5fd-10e9db5c2a38] 

[CANVAS_ERRORS] EXCEPTION LOG
CanvasSecurity::InvalidJwtKey (CanvasSecurity::InvalidJwtKey):
  /var/canvas/gems/canvas_security/lib/canvas_security.rb:221:in `create_encrypted_jwt'
  /var/canvas/lib/canvas/security.rb:34:in `method_missing'
  /var/canvas/lib/basic_lti/sourcedid.rb:32:in `to_s'
  /var/canvas/app/models/lti/lti_outbound_adapter.rb:126:in `block in encode_source_id'
  /var/canvas/vendor/bundle/ruby/2.6.0/gems/switchman-2.0.8/app/models/switchman/shard.rb:630:in `block in activate'
  /var/canvas/vendor/bundle/ruby/2.6.0/gems/switchman-2.0.8/app/models/switchman/shard.rb:98:in `activate'
  /var/canvas/vendor/bundle/ruby/2.6.0/gems/switchman-2.0.8/app/models/switchman/shard.rb:629:in `activate'
  /var/canvas/app/models/lti/lti_outbound_adapter.rb:124:in `encode_source_id'
  /var/canvas/app/models/lti/lti_outbound_adapter.rb:101:in `generate_post_payload_for_assignment'
  /var/canvas/app/controllers/application_controller.rb:1939:in `lti_launch_params'
  /var/canvas/app/controllers/application_controller.rb:1880:in `content_tag_redirect'
  /var/canvas/app/controllers/assignments_controller.rb:250:in `block in show'

This seems to suggest that the issue is occurring when the assignment page is trying to use the LTI. However the LTI works flawlessly when accessed via the Course menu or RCE. We have confirmed that the developer keys and LTI keys/secret are correct on both sides of the LTI integration. We have liaised with the LTI vendor and they confirm that they can see no issues with the integration from their end; they believe the issue to be caused by Canvas.

Using the Canvas REST API we can successfully get and use a sessionless launch URL for this LTI external tool with the Course menu or RCE placement. However, when we try to get a sessionless launch URL for this LTI external tool with an assignment placement, we see the same error in the logs as above.

Everything else in our Canvas install seems to be working normally.

Has anyone else encountered a similar issue or have any idea which JWT key (or absence of JWT key) is causing the error, and where this key is stored or set? This integration used to work, so we can only presume that the recent upgrade changed, corrupted or deleted something to produce this error, but we have no idea what it is.

Any help gratefully received.

Kind regards,
David Grey,
UK Advising and Tutoring

David Grey

Sep 22, 2021, 1:53:53 PM
to Canvas LMS Users
After much digging around in the Canvas source code, I've fixed it. The problem was due to the upgrade and it appears that the config: section of the dynamic_settings.yml configuration file requires the following two keys setting with an appropriate key:

        lti-encryption-secret: "astringthatisactually32byteslong"
        lti-signing-secret: "astringthatisactually32byteslong"

David
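
A check for the two settings named in the post above, as an added example that is not part of the original thread or Canvas's own code: it walks a parsed dynamic_settings.yml, confirms both keys exist and are 32 bytes long, and flags the sample value, which is public and should be replaced with a random secret. The sample YAML, its nesting and the helper names are constructed for illustration; the 32-byte requirement is inferred from the post's sample value.

```ruby
require "yaml"
require "securerandom"

# Key names come from the post; the 32-byte length is inferred from its sample value.
REQUIRED_KEYS = %w[lti-encryption-secret lti-signing-secret].freeze
PLACEHOLDER   = "astringthatisactually32byteslong"
KEY_BYTES     = 32

# Constructed sample input; the nesting under config: is an assumption.
SAMPLE = <<~YAML
  production:
    config:
      canvas:
        canvas:
          lti-encryption-secret: "astringthatisactually32byteslong"
          lti-signing-secret: "tooshort"
YAML

# Collect [dotted_path, value] for each required key, wherever it is nested.
def find_lti_secrets(node, path = [])
  return [] unless node.is_a?(Hash)

  node.flat_map do |key, value|
    here = path + [key.to_s]
    hits = REQUIRED_KEYS.include?(key.to_s) ? [[here.join("."), value]] : []
    hits + find_lti_secrets(value, here)
  end
end

# Return a list of problems: missing keys, wrong length, or the public sample value.
def audit_lti_secrets(settings)
  found = find_lti_secrets(settings)
  problems = REQUIRED_KEYS.reject { |k| found.any? { |p, _| p.end_with?(k) } }
                          .map { |k| "#{k}: missing" }
  found.each do |path, value|
    if !value.is_a?(String) || value.bytesize != KEY_BYTES
      problems << "#{path}: not a #{KEY_BYTES}-byte string"
    elsif value == PLACEHOLDER
      problems << "#{path}: still the sample placeholder"
    end
  end
  problems
end

# Generate a random 32-character ASCII secret (32 bytes) to use instead.
def new_lti_secret
  SecureRandom.alphanumeric(KEY_BYTES)
end

puts audit_lti_secrets(YAML.safe_load(SAMPLE))
```
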

Dengpan Huang

Aug 5, 2023, 3:37:31 AM
to Canvas LMS Users
Thank you!