I'd also like to point out that because we're using firebase/php-jwt, we require the inclusion of 'alg' in the JWK. See https://github.com/firebase/php-jwt/blob/main/src/JWK.php#L86-L89. By default, the containerised Canvas I was using wasn't including this and required a config change to config/dynamic_settings.yml to include "alg": "RS256" in the keys.
It seems this is included in the official jwk at https://canvas.instructure.com/api/lti/security/jwks, just not in the dev stuff.
Might be useful to someone.
Jake
It seems this is included in the official jwk at https://canvas.instructure.com/api/lti/security/jwks, just not in the dev stuff.
Might be useful to someone.
Jake