celtic-project / LTI-PHP

PHP class library for building LTI integrations
GNU Lesser General Public License v3.0

JWK Signature Check Failing when 'alg' field is missing from JWK #64

Closed bethanyw0rks closed 11 months ago

bethanyw0rks commented 11 months ago

We are having some trouble with an LTI Advantage integration with D2L because their public keyset doesn't contain an alg field (which is optional in the JWK spec). Upon launching we see a "JWT signature check failed". Upon debugging I found that the keyset isn't getting parsed because there is no alg field.

I can get the integration working if I remove the check for alg and specify "RSA256" as the algorithm but this doesn't seem like the right way to go about this. Any thoughts?

spvickers commented 11 months ago

Thanks for your report. I will investigate this further, but my initial checks suggest that the Firebase library (which you are using in conjunction with this LTI library) requires an algorithm to create a Key object; hence the check being made. You could try using an alternative JWT library, such as the Web Token JWT Framework library which is also supported without needing to implement your own ClientInterface.

spvickers commented 11 months ago

Change committed to pass default algorithm when parsing a key
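
The following is an added example, not code from LTI-PHP or the Firebase library: a sketch of choosing the verification algorithm for a JWK that omits the optional `alg` member, so that the default comes from configuration and the JWT header can only confirm that choice, never make it. The function names, the allow-list and the sample keyset are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not part of LTI-PHP or firebase/php-jwt).
// Assumption: this tool only accepts RSA signatures from the platform.
const ALLOWED_ALGS = [
    'RSA' => ['RS256', 'RS384', 'RS512'],
];

function findKey(array $jwks, string $kid): array
{
    foreach ($jwks['keys'] ?? [] as $jwk) {
        if (($jwk['kid'] ?? null) === $kid) {
            return $jwk;
        }
    }
    throw new UnexpectedValueException("No key with kid '{$kid}' in keyset");
}

function resolveKeyAlgorithm(array $jwk, string $jwtHeaderAlg, string $defaultAlg = 'RS256'): string
{
    $kty = $jwk['kty'] ?? '';
    if (!isset(ALLOWED_ALGS[$kty])) {
        throw new UnexpectedValueException("Unsupported key type '{$kty}'");
    }
    if (isset($jwk['use']) && $jwk['use'] !== 'sig') {
        throw new UnexpectedValueException('Key is not marked for signature use');
    }
    // Prefer the key's own "alg"; fall back to the configured default when it is absent.
    $alg = $jwk['alg'] ?? $defaultAlg;
    if (!in_array($alg, ALLOWED_ALGS[$kty], true)) {
        throw new UnexpectedValueException("Algorithm '{$alg}' is not allowed for {$kty} keys");
    }
    // The token header has to agree with the key-side decision.
    if ($jwtHeaderAlg !== $alg) {
        throw new UnexpectedValueException("JWT header alg '{$jwtHeaderAlg}' does not match '{$alg}'");
    }
    return $alg;
}

// Constructed sample keyset: the key carries no "alg" member, as in the report above.
$jwks = ['keys' => [
    ['kty' => 'RSA', 'kid' => 'sample-kid-1', 'use' => 'sig', 'n' => '<modulus>', 'e' => 'AQAB'],
]];

echo resolveKeyAlgorithm(findKey($jwks, 'sample-kid-1'), 'RS256'), PHP_EOL;
try {
    resolveKeyAlgorithm(findKey($jwks, 'sample-kid-1'), 'HS256');
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```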