How to obtain an access token for accessing LTI Advantage Services

Aravindsai.T.7711
I am trying to obtain the access token by exchanging the id_token.

I am receiving the following error:

Error: Request failed with status code 400

My Code:

Also, I have tried to properly form a JWT signed with my private key and use it:

const fs = require('fs');
const path = require('path');
const crypto = require('crypto');
const querystring = require('querystring');
const axios = require('axios');
const jwt = require('jsonwebtoken');

const privateKey = fs.readFileSync(path.resolve(__dirname, 'private.pem'), 'utf8');

// Create a JWT for the client assertion
function createClientAssertion(clientId, tokenUrl) {
  const now = Math.floor(Date.now() / 1000);
  const payload = {
    iss: clientId, // Client ID
    sub: clientId, // Client ID
    aud: "",
    iat: now, // Issued at time
    nbf: now,
    exp: now + 300, // Expiration time (5 minutes)
    jti: crypto.randomBytes(16).toString('hex') // Unique identifier for the token
  };

  const token = jwt.sign(payload, privateKey, { algorithm: 'RS256' });
  return token;
}

// Function to exchange id_token for an access token
async function exchangeIdTokenForAccessToken(idToken) {
  const tokenUrl = '';
  const clientAssertion = createClientAssertion('7a9dba13-2604-45e2-8109-f1fb43b18d45', tokenUrl);

  const data = querystring.stringify({
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: clientAssertion,
    scope: '',
  });

  try {
    const response = await axios.post(tokenUrl, data, {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      }
    });
    console.log('here after exchange');
    if (response.status === 200) {
      return response.data; // Contains access_token
    } else {
      throw new Error('Failed to exchange id_token');
    }
  } catch (error) {
    throw error;
  }
}

Any help will be appreciated, Thanks

Best Answer

    Aravindsai.T.7711
    Answer ✓

    Hello all,

    The issue was with my jwks endpoint. After making sure my keys are properly valid, I am able to get the access token and call the AGS service APIs.

    But now I am trying to post a score to my lineitem, and I am getting the below error:
    data: 'User in requested score does not exist'

    Any suggestions will be appreciated




    Aravindsai.T.7711

    data: 'User in requested score does not exist'

    This is fixed by using the "sub" value instead of userId from the decoded id token.
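
The accepted answer traces the 400 to the tool's JWKS endpoint. The following is an added example, not code from the original posts: a local self-check that a client assertion verifies against the JWKS document the tool publishes. It assumes the verifier selects the key by the `kid` header; the key pairs, `kid` values, client ID and audience URL are constructed placeholders, and only Node's built-in `crypto` module is used.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Sign an RS256 JWT whose header names the key (kid) the verifier should look up.
function signAssertion(payload, privateKey, kid) {
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Build the JWKS document a tool would serve for this public key.
function buildJwks(publicKey, kid) {
  const { kty, n, e } = publicKey.export({ format: 'jwk' });
  return { keys: [{ kty, n, e, kid, alg: 'RS256', use: 'sig' }] };
}

// Mirror the verifier: pick the key by kid, then check the signature.
function checkAgainstJwks(token, jwks) {
  const [h, p, s] = token.split('.');
  const { kid, alg } = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (alg !== 'RS256') return 'unexpected alg';
  const jwk = (jwks.keys || []).find((k) => k.kid === kid);
  if (!jwk) return 'kid not found in JWKS';
  if (jwk.kty !== 'RSA' || !jwk.n || !jwk.e) return 'JWKS entry is not a usable RSA key';
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  return ok ? 'ok' : 'signature does not match published key';
}

// Constructed sample data: throwaway key pairs and placeholder claims.
const toolKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const staleKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const claims = {
  iss: 'example-client-id', sub: 'example-client-id',
  aud: 'https://platform.example/token', // placeholder audience
  iat: now, exp: now + 300, jti: crypto.randomBytes(16).toString('hex'),
};
const assertion = signAssertion(claims, toolKeys.privateKey, 'key-1');

console.log('matching JWKS:', checkAgainstJwks(assertion, buildJwks(toolKeys.publicKey, 'key-1')));
console.log('stale key    :', checkAgainstJwks(assertion, buildJwks(staleKeys.publicKey, 'key-1')));
console.log('wrong kid    :', checkAgainstJwks(assertion, buildJwks(toolKeys.publicKey, 'key-2')));
```

In practice, replace the constructed JWKS with the JSON fetched from the tool's own JWKS URL and the constructed assertion with the one the tool actually sends.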