LTI 1.3 tools must generate their own keys and JWKS URL
When we started supporting LTI 1.3/Advantage (back in May of 2019) we chose to generate public/private key pairs for the tools. The tool vendor was then responsible for copying and storing those values on their side.
But the IMS Global community has moved away from that model and now suggests that tool vendors generate their own key pairs for LTI authentication and provide their public key via a JWKS URL. This model is more secure because the private key is never copied between parties, and it allows the LTI Tool provider to follow best practices with key rotation.
We decided to follow that suggestion. If you want to register a new tool with Blackboard, you have to provide the JWKS URL information. And if you have an existing tool that uses the Blackboard-generated private key, please keep in mind that we’ll be terminating support in the near future.
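As an added illustration (not Blackboard's or IMS Global's code), this Go sketch shows what a tool could do on its side: generate its own RSA key pairs and build the document served at the JWKS URL, listing a current and a retiring key so a rotation does not break verification. The function names, the RS256/`sig` values and the use of an RFC 7638 thumbprint as `kid` are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// JWKS is the document served at the tool's JWKS URL; it holds public members only.
type JWKS struct {
	Keys []map[string]string `json:"keys"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewSigningKey creates a 2048-bit RSA key; the private half stays with the tool.
func NewSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// PublicJWK exports modulus and exponent, with an RFC 7638 thumbprint as the kid.
func PublicJWK(pub *rsa.PublicKey) map[string]string {
	n, e := b64(pub.N.Bytes()), b64(big.NewInt(int64(pub.E)).Bytes())
	sum := sha256.Sum256([]byte(`{"e":"` + e + `","kty":"RSA","n":"` + n + `"}`))
	return map[string]string{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": b64(sum[:]), "n": n, "e": e}
}

// BuildJWKS lists the current key first, then any retiring keys, so messages
// signed before a rotation still verify until the old key is dropped.
func BuildJWKS(keys ...*rsa.PrivateKey) JWKS {
	set := JWKS{Keys: []map[string]string{}}
	for _, k := range keys {
		set.Keys = append(set.Keys, PublicJWK(&k.PublicKey))
	}
	return set
}

func main() {
	current, err1 := NewSigningKey()
	retiring, err2 := NewSigningKey() // stands in for the key being rotated out
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	doc, _ := json.MarshalIndent(BuildJWKS(current, retiring), "", "  ")
	fmt.Println(string(doc)) // serve this body over HTTPS at the JWKS URL
}
```

The `kid` written into each signed message header should match the `kid` of the key that signed it, which is how a verifier picks the right entry after a rotation.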
NOTE: Once you’ve made the change, you must have our mutual clients redeploy your LTI 1.3 tool. Redeploy means the following:
- Admin -> Integrations, LTI Tool Providers -> Register LTI 1.3/Advantage Tool
- Enter the same client ID for your tool that was previously deployed. Click the [Submit] Button.
- Your tool will be redeployed to use your new JWKS URL.
Follow the above steps exactly. Do NOT have them delete the integration as that will destroy all existing links to your tool, which cannot be recovered.
As always, if you have any questions, check out the contact us page and let us know!