How to obtain an access token for accessing LTI Advantage Services

Aravindsai.T.7711 Posts: 5 🌱
edited June 4 in Development
I am trying to obtain the access token by exchanging the id_token.

I am receiving the following error:

Error: Request failed with status code 400

My Code:

Also, I have tried to properly form a JWT signed with my private key and use it:

const fs = require('fs');
const path = require('path');
const crypto = require('crypto');
const querystring = require('querystring');
const axios = require('axios');
const jwt = require('jsonwebtoken'); // assumed: the jsonwebtoken package, matching the jwt.sign call below

// Load the RSA private key used to sign the client assertion
const privateKey = fs.readFileSync(path.resolve(__dirname, 'private.pem'), 'utf8');

// Create a JWT for the client assertion
function createClientAssertion(clientId, tokenUrl) {
    const now = Math.floor(Date.now() / 1000);
    const payload = {
        iss: clientId, // Client ID
        sub: clientId, // Client ID
        aud: "https://api.brightspace.com/auth/token",
        iat: now, // Issued at time
        nbf: now,
        exp: now + 300, // Expiration time (5 minutes)
        jti: crypto.randomBytes(16).toString('hex') // Unique identifier for the token
    };

    const token = jwt.sign(payload, privateKey, { algorithm: 'RS256' });
    return token;
}

// Function to exchange id_token for an access token
async function exchangeIdTokenForAccessToken(idToken) {
    const tokenUrl = 'https://auth.brightspace.com/core/connect/token';
    const clientAssertion = createClientAssertion('7a9dba13-2604-45e2-8109-f1fb43b18d45', tokenUrl);

    // Form-encoded body for the client_credentials grant with a signed JWT assertion
    const data = querystring.stringify({
        grant_type: 'client_credentials',
        client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
        client_assertion: clientAssertion,
        scope: 'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem',
    });

    try {
        const response = await axios.post(tokenUrl, data, {
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded'
            }
        });
        console.log('here after exchange');
        console.log(response);
        if (response.status === 200) {
            return response.data; // Contains access_token
        } else {
            throw new Error('Failed to exchange id_token');
        }
    } catch (error) {
        throw error;
    }
}

Any help will be appreciated. Thanks.

Best Answer

  • Aravindsai.T.7711 Posts: 5 🌱
    Answer ✓

    Hello all,

    The issue was with my JWKS endpoint. After making sure my keys are properly valid, I am able to get the access token and call the AGS service APIs.

    But now I am trying to post a score to my lineitem, and I am getting the below error:
    data: 'User in requested score does not exist'

    Any suggestions will be appreciated.

    Thanks

    Aravind
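
The fix reported in the answer above was a JWKS endpoint that did not serve valid keys. As an added example (not code from the original post or from Brightspace), this Node.js check compares a JWKS document against the private key that signs the client assertion; the function names, the `kid` value `tool-key-1` and the sample keys are assumptions constructed for illustration.

```javascript
// Added example: check that a published JWKS matches the private key that signs
// the client assertion. Uses only Node's built-in crypto module.
const crypto = require('node:crypto');

// Returns a list of problems; an empty list means the JWKS entry matches the signing key.
function checkJwks(privateKeyPem, jwks, kid) {
  const problems = [];
  if (!jwks || !Array.isArray(jwks.keys)) return ['JWKS has no "keys" array'];
  const jwk = jwks.keys.find((k) => k.kid === kid);
  if (!jwk) return [`no key with kid "${kid}" in JWKS`];
  if (jwk.kty !== 'RSA') problems.push(`kty is "${jwk.kty}", expected "RSA"`);
  if (jwk.alg && jwk.alg !== 'RS256') problems.push(`alg is "${jwk.alg}", expected "RS256"`);
  if (jwk.use && jwk.use !== 'sig') problems.push(`use is "${jwk.use}", expected "sig"`);
  if ('d' in jwk) problems.push('JWKS entry contains private key material ("d")');
  // Derive the public half of the signing key and compare modulus and exponent.
  const expected = crypto.createPublicKey(privateKeyPem).export({ format: 'jwk' });
  if (jwk.n !== expected.n || jwk.e !== expected.e) {
    problems.push('published n/e do not match the signing private key');
  }
  return problems;
}

// Sign-then-verify round trip: shows whether the published key verifies an RS256 signature.
function jwksVerifiesSignature(privateKeyPem, jwk) {
  const data = Buffer.from('header.payload'); // constructed signing input
  const sig = crypto.sign('RSA-SHA256', data, privateKeyPem);
  try {
    const pub = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
    return crypto.verify('RSA-SHA256', data, pub, sig);
  } catch {
    return false; // malformed JWK
  }
}

// Constructed sample keys and JWKS documents (generated at run time, not from the post).
function makeSample() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const signing = gen();
  const other = gen();
  const pem = signing.privateKey.export({ type: 'pkcs8', format: 'pem' });
  const entry = (key) => ({ ...key.export({ format: 'jwk' }), kid: 'tool-key-1', alg: 'RS256', use: 'sig' });
  return { pem, good: { keys: [entry(signing.publicKey)] }, stale: { keys: [entry(other.publicKey)] } };
}

const sample = makeSample();
console.log('good JWKS :', checkJwks(sample.pem, sample.good, 'tool-key-1'));
console.log('stale JWKS:', checkJwks(sample.pem, sample.stale, 'tool-key-1'));
```

The `stale` document models a JWKS that still publishes a key from a different key pair, which passes every structural check and fails only the modulus comparison and the signature round trip.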

Answers

  • Aravindsai.T.7711 Posts: 5 🌱

    data: 'User in requested score does not exist'

    This is fixed by using the "sub" value instead of userId from the decoded id token.