How to obtain an access token for accessing LTI Advantage Services
Aravindsai.T.7711
I am trying to obtain the access token by exchanging the id_token
I am receiving the following error:
Error: Request failed with status code 400
My Code:
I have also tried to properly form a JWT signed with my private key and use it as the client assertion:
// Load the PEM-encoded RSA private key that signs the client assertion.
// The platform verifies the signature with the public key served by the
// tool's JWKS endpoint, so that endpoint has to publish the key matching
// this file. Keep private.pem out of version control.
const keyPath = path.resolve(__dirname, 'private.pem');
const privateKey = fs.readFileSync(keyPath, 'utf8');
/**
 * Build the RS256-signed JWT that authenticates this tool to the token
 * endpoint (the `client_assertion` form field).
 *
 * The audience is hard-coded and is not the token endpoint URL; `tokenUrl`
 * is accepted but never read. Confirm the audience against the value shown
 * in the platform's LTI registration before changing it.
 *
 * NOTE(review): no `kid` header is set (jsonwebtoken's `keyid` option). If
 * the tool's JWKS publishes more than one key, the platform needs a way to
 * pick the one matching private.pem - confirm against the JWKS endpoint.
 *
 * @param {string} clientId - OAuth client id; used as both `iss` and `sub`.
 * @param {string} tokenUrl - Unused by this function.
 * @returns {string} The signed, compact-serialised JWT.
 */
function createClientAssertion(clientId, tokenUrl) {
  const issuedAt = Math.floor(Date.now() / 1000); // JWT times are in seconds
  const claims = {
    iss: clientId,
    sub: clientId,
    aud: "https://api.brightspace.com/auth/token",
    iat: issuedAt,
    nbf: issuedAt,
    // Five-minute lifetime plus a random jti keeps each assertion short-lived
    // and unique.
    exp: issuedAt + 300,
    jti: crypto.randomBytes(16).toString('hex'),
  };
  return jwt.sign(claims, privateKey, { algorithm: 'RS256' });
}
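/**
 * Request an access token for the LTI AGS line-item scope using the OAuth 2.0
 * client-credentials grant, authenticating with a signed JWT client assertion.
 *
 * Despite the name, the launch id_token is not part of the request: `idToken`
 * is never read, and the only credential sent is the client assertion.
 *
 * @param {string} idToken - Not used; kept so existing callers keep working.
 * @returns {Promise<object>} The token response body (contains access_token).
 * @throws {Error} The axios error when the request fails or the endpoint
 *   answers outside 2xx, or `Failed to exchange id_token` for a non-200
 *   success status.
 */
async function exchangeIdTokenForAccessToken(idToken) {
  const tokenUrl = 'https://auth.brightspace.com/core/connect/token';
  const clientAssertion = createClientAssertion('7a9dba13-2604-45e2-8109-f1fb43b18d45', tokenUrl);
  const data = querystring.stringify({
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: clientAssertion,
    scope: 'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem',
  });

  let response;
  try {
    response = await axios.post(tokenUrl, data, {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    });
  } catch (error) {
    // A 400 from the token endpoint carries an error body explaining the
    // rejection. Log only the status and that body: the error's request
    // config contains the signed client assertion.
    if (error.response) {
      console.error('Token request rejected:', error.response.status, error.response.data);
    }
    throw error;
  }

  // Log the status only. The full response object holds the access token and
  // the request body with the client assertion, which must not reach logs.
  console.log('here after exchange', response.status);
  if (response.status !== 200) {
    throw new Error('Failed to exchange id_token');
  }
  return response.data; // Contains access_token
}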
Any help will be appreciated, Thanks
I am receiving the following error:
Error: Request failed with status code 400
My Code:
I have also tried to properly form a JWT signed with my private key and use it as the client assertion:
// Load the PEM-encoded RSA private key that signs the client assertion.
// The platform verifies the signature with the public key served by the
// tool's JWKS endpoint, so that endpoint has to publish the key matching
// this file. Keep private.pem out of version control.
const keyPath = path.resolve(__dirname, 'private.pem');
const privateKey = fs.readFileSync(keyPath, 'utf8');
/**
 * Build the RS256-signed JWT that authenticates this tool to the token
 * endpoint (the `client_assertion` form field).
 *
 * The audience is hard-coded and is not the token endpoint URL; `tokenUrl`
 * is accepted but never read. Confirm the audience against the value shown
 * in the platform's LTI registration before changing it.
 *
 * NOTE(review): no `kid` header is set (jsonwebtoken's `keyid` option). If
 * the tool's JWKS publishes more than one key, the platform needs a way to
 * pick the one matching private.pem - confirm against the JWKS endpoint.
 *
 * @param {string} clientId - OAuth client id; used as both `iss` and `sub`.
 * @param {string} tokenUrl - Unused by this function.
 * @returns {string} The signed, compact-serialised JWT.
 */
function createClientAssertion(clientId, tokenUrl) {
  const issuedAt = Math.floor(Date.now() / 1000); // JWT times are in seconds
  const claims = {
    iss: clientId,
    sub: clientId,
    aud: "https://api.brightspace.com/auth/token",
    iat: issuedAt,
    nbf: issuedAt,
    // Five-minute lifetime plus a random jti keeps each assertion short-lived
    // and unique.
    exp: issuedAt + 300,
    jti: crypto.randomBytes(16).toString('hex'),
  };
  return jwt.sign(claims, privateKey, { algorithm: 'RS256' });
}
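/**
 * Request an access token for the LTI AGS line-item scope using the OAuth 2.0
 * client-credentials grant, authenticating with a signed JWT client assertion.
 *
 * Despite the name, the launch id_token is not part of the request: `idToken`
 * is never read, and the only credential sent is the client assertion.
 *
 * @param {string} idToken - Not used; kept so existing callers keep working.
 * @returns {Promise<object>} The token response body (contains access_token).
 * @throws {Error} The axios error when the request fails or the endpoint
 *   answers outside 2xx, or `Failed to exchange id_token` for a non-200
 *   success status.
 */
async function exchangeIdTokenForAccessToken(idToken) {
  const tokenUrl = 'https://auth.brightspace.com/core/connect/token';
  const clientAssertion = createClientAssertion('7a9dba13-2604-45e2-8109-f1fb43b18d45', tokenUrl);
  const data = querystring.stringify({
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: clientAssertion,
    scope: 'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem',
  });

  let response;
  try {
    response = await axios.post(tokenUrl, data, {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    });
  } catch (error) {
    // A 400 from the token endpoint carries an error body explaining the
    // rejection. Log only the status and that body: the error's request
    // config contains the signed client assertion.
    if (error.response) {
      console.error('Token request rejected:', error.response.status, error.response.data);
    }
    throw error;
  }

  // Log the status only. The full response object holds the access token and
  // the request body with the client assertion, which must not reach logs.
  console.log('here after exchange', response.status);
  if (response.status !== 200) {
    throw new Error('Failed to exchange id_token');
  }
  return response.data; // Contains access_token
}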
Any help will be appreciated, Thanks
Best Answer
-
Hello all,
The issue was with my JWKS endpoint. After making sure my keys are valid, I am able to get the access token and call the AGS service APIs.
But now, when I try to post a score to my lineitem, I get the error below:
data: 'User in requested score does not exist'
Any suggestions will be appreciated.
Thanks
Aravind
Answers
-
data: 'User in requested score does not exist'
This is fixed by using the "sub" value instead of userId from the decoded id token.