RSA key pair generation and JWKS document building for LTI tool authentication.
Every LTI Advantage service call requires a signed JWT assertion. This module generates the key pairs used for signing and builds the JWKS documents that platforms use to verify signatures.
Generating keys
{private, public} = Ltix.JWK.generate_key_pair()
Store the private key in your %Ltix.Registration{} as tool_jwk. Serve the public key from your JWKS endpoint.
Building a JWKS endpoint response
jwks = Ltix.JWK.to_jwks([current_public, previous_public])
# => %{"keys" => [%{"kty" => "RSA", "kid" => "...", ...}, ...]}
Include multiple keys during rotation so platforms can verify with either.
Options
:key_size (integer/0) - RSA key size in bits (minimum 2048). The default value is 2048.
Summary
Functions
Generate an RSA key pair for LTI tool authentication.
Build a JWKS (JSON Web Key Set) map from a list of public JWKs.
Functions
@spec generate_key_pair(keyword()) :: {JOSE.JWK.t(), JOSE.JWK.t()}
Generate an RSA key pair for LTI tool authentication.
Returns {private_jwk, public_jwk}. The private key is suitable for
registration.tool_jwk. The public key goes on your JWKS endpoint.
Both keys share the same kid and include alg: RS256 and use: sig.
Examples
{private, public} = Ltix.JWK.generate_key_pair()
{private, public} = Ltix.JWK.generate_key_pair(key_size: 4096)
@spec to_jwks([JOSE.JWK.t()]) :: map()
Build a JWKS (JSON Web Key Set) map from a list of public JWKs.
Strips private key material from any key that still contains it, so it's safe to pass private keys by accident.
Examples
{_private, public} = Ltix.JWK.generate_key_pair()
jwks = Ltix.JWK.to_jwks([public])
[key] = jwks["keys"]
key["kty"]
#=> "RSA"
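A key rotation step that uses both functions above and checks the JWKS document before it is served. This is an added example, not code from the Ltix documentation. The MyTool.Keys module and its functions are hypothetical, and it assumes that separately generated key pairs receive different kid values.

```elixir
# Added example; MyTool.Keys, rotate/1 and jwks_document/1 are hypothetical.
# Only Ltix.JWK.generate_key_pair/1 and Ltix.JWK.to_jwks/1 come from the page.
defmodule MyTool.Keys do
  # RSA private-key members defined in RFC 7518 section 6.3.2.
  # None of these may appear in a published JWKS entry.
  @private_members ~w(d p q dp dq qi oth)

  # Rotation step: mint a new signing key and keep publishing the previous
  # public key so platforms can still verify JWTs signed before the switch.
  def rotate(previous_public) do
    {new_private, new_public} = Ltix.JWK.generate_key_pair(key_size: 2048)
    %{signing_key: new_private, published: [new_public, previous_public]}
  end

  # Build the JWKS endpoint body and refuse to return it if an entry
  # carries private material or two entries share a kid.
  def jwks_document(published) do
    %{"keys" => keys} = jwks = Ltix.JWK.to_jwks(published)

    for key <- keys, member <- @private_members, Map.has_key?(key, member) do
      raise "JWKS entry #{key["kid"]} exposes private member #{member}"
    end

    kids = Enum.map(keys, & &1["kid"])
    # Assumption: each generated pair gets its own kid, so duplicates mean
    # the same key was listed twice.
    if Enum.uniq(kids) != kids, do: raise("duplicate kid in JWKS")

    jwks
  end
end

{_old_private, old_public} = Ltix.JWK.generate_key_pair()
%{signing_key: new_private, published: published} = MyTool.Keys.rotate(old_public)
jwks = MyTool.Keys.jwks_document(published)
# new_private goes into registration.tool_jwk; jwks is the endpoint response.
```

Drop the previous public key from the published list once platforms no longer hold assertions signed with it.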