- Issue created by @ddelblanco_2
At this moment, a new registration needs to select one key and then a link to the jwks is generated that includes the client_id as query string parameter in the URL.
This implies that to send the information to the LMS about the configuration of the Drupal tool, we need to know the client_id, and we can't know the client_id until they create a tool deployment on their side, and to do that they need the jwks url.
A second issue is that the client_id is not unique, so you could have two registrations with the same client_id. That would generate an issue when getting the key.
Just look at the URL for the jwks endpoint that is generated.
The usual practice to deal with the jwks endpoint is the same url for every client_id. If we want to have a different key per client_id, we will need to publish all the public keys on that url and use the KID to find the right one, although this is not needed at all. If that is done, a unique KID must be generated, surely including not only the client_id, but the issuer and the deployment_id. Or it could be just one key for all the LTI registrations (as most of the tools do) and avoid this problem completely, making it not dependent on the registration.
Active
2.0
Code
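An added example, not part of the issue and not the module's code: it contrasts a lookup keyed on `client_id` alone with a single JWKS document whose `kid` values are derived from issuer, client_id and deployment_id, as the issue proposes. The function names, the hash-based `kid` scheme, the registrations and the placeholder moduli are all assumptions made for illustration.

```python
import base64
import hashlib

# Constructed registrations: two platforms that issued the same client_id.
# The "n" values are placeholders, not real RSA moduli.
REGISTRATIONS = [
    {"issuer": "https://lms-a.example", "client_id": "tool-123",
     "deployment_id": "1", "n": "PLACEHOLDER_MODULUS_A"},
    {"issuer": "https://lms-b.example", "client_id": "tool-123",
     "deployment_id": "7", "n": "PLACEHOLDER_MODULUS_B"},
]

def lookup_by_client_id(registrations, client_id):
    """Per-registration URL keyed on ?client_id=...: may match several rows."""
    return [r for r in registrations if r["client_id"] == client_id]

def derive_kid(issuer, client_id, deployment_id):
    """Hypothetical kid scheme: hash of the three fields, length-prefixed
    so that ("ab", "c") and ("a", "bc") cannot produce the same input."""
    h = hashlib.sha256()
    for part in (issuer, client_id, deployment_id):
        data = part.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return base64.urlsafe_b64encode(h.digest()[:16]).rstrip(b"=").decode()

def build_jwks(registrations):
    """One JWKS document for every registration, served from a single URL."""
    keys, seen = [], set()
    for r in registrations:
        kid = derive_kid(r["issuer"], r["client_id"], r["deployment_id"])
        if kid in seen:  # duplicate registration: refuse to publish ambiguity
            raise ValueError(f"duplicate kid {kid}")
        seen.add(kid)
        keys.append({"kty": "RSA", "use": "sig", "alg": "RS256",
                     "kid": kid, "n": r["n"], "e": "AQAB"})
    return {"keys": keys}

def find_key(jwks, kid):
    """Select the key named by a JWT header's kid; exactly one must match."""
    matches = [k for k in jwks["keys"] if k["kid"] == kid]
    if len(matches) != 1:
        raise LookupError(f"expected one key for kid {kid}, got {len(matches)}")
    return matches[0]

if __name__ == "__main__":
    jwks = build_jwks(REGISTRATIONS)
    print(len(lookup_by_client_id(REGISTRATIONS, "tool-123")), "rows share a client_id")
    kid_b = derive_kid("https://lms-b.example", "tool-123", "7")
    print(find_key(jwks, kid_b)["n"])
```

With one key shared by all registrations, as the issue's last suggestion describes, `build_jwks` would reduce to a single entry and the `kid` would no longer depend on any registration field.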