JWT error in deeplinking

[KetulCodiste]

Not a bug but an issue I am facing while deeplinking.
how to get the LTI_key. I am using node js with express. I am currently using the following code to create the public and private key to get the jwk:

const crypto = require("crypto");
const fs = require("fs");

const generateKeys = () => {
	// Generate RSA key pair
	const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
		modulusLength: 2048,
		publicKeyEncoding: {
			type: "spki",
			format: "pem",
		},
		privateKeyEncoding: {
			type: "pkcs8",
			format: "pem",
		},
	});

	// Generate a key ID
	const keyId = crypto.randomBytes(16).toString("hex");

	// Convert public key to base64url format for JWK
	const pubKeyBuffer = Buffer.from(publicKey);
	const modulus = pubKeyBuffer
		.toString("base64")
		.replace(/\+/g, "-")
		.replace(/\//g, "_")
		.replace(/=/g, "");

	// Create JWK
	const jwk = {
		kty: "RSA",
		kid: keyId,
		n: modulus,
		e: "AQAB",
		alg: "RS256",
		use: "sig",
	};

	// Save keys to files
	fs.writeFileSync("private.key", privateKey);
	fs.writeFileSync("public.key", publicKey);
	fs.writeFileSync("jwk.json", JSON.stringify(jwk, null, 2));

	console.log("Keys generated successfully!");
	console.log("\nYour JWK for Canvas configuration:");
	console.log(JSON.stringify(jwk, null, 2));
};

generateKeys();

It will create the 3 files in the root folder. public.key and private.key and jwk.json. I want to use Canvas LMS and there is an option while creating the the developer key, Public JWK. I am using this generated jwk to set there and using the public file at line in lti.setup

staticPath: path.join(__dirname, "public"),

using the following code to setup the lti and register the platform.

const encryptionKey = crypto
      .createHash("sha256")
      .update(process.env.ENCRYPTION_KEY || "your-secure-encryption-key")
      .digest("base64")
      .substr(0, 32);

    console.log("Using encryption key:", encryptionKey);
    console.log("path.join(__dirname, public),", path.join(__dirname, "public"))
    await lti.setup(
      encryptionKey, // Move private key to env variable
      {
        url: process.env.MONGODB_URI, // Move MongoDB URI to env variable
        connection: {
          retryWrites: true,
          w: "majority",
        },
      },
      {
        staticPath: path.join(__dirname, "public"),
        cookies: {
          secure: true,
          sameSite: "None",
        },
        devMode: true,
        tokenMaxAge: 60,
        hostName: new URL(process.env.TOOL_URL).hostname,
        proxy: true,
        serverAddon: (app) => {
          app.enable("trust proxy");
          return app;
        },
      }
    );

    const app = lti.app;


    const port = process.env.PORT || 4001;
    await lti.deploy({ port });

    await lti.registerPlatform({
      url: process.env.PLATFORM_URL,
      name: "Canvas LMS",
      clientId: process.env.CLIENT_ID,
      authenticationEndpoint: `${process.env.PLATFORM_URL}/api/lti/authorize_redirect`,
      accesstokenEndpoint: `${process.env.PLATFORM_URL}/login/oauth2/token`,
      authConfig: {
        method: "JWK_SET",
        key: `${process.env.PLATFORM_URL}/api/lti/security/jwks`,
      },
      
    });

while doing the deeplinking with the following code:

const deepLinkingMessage = await lti.DeepLinking.createDeepLinkingMessage(
          token,
          contentItems,
          {
            message: "Quiz successfully selected!",
            log: "Quiz selection completed successfully",
            errlog: "Error occurred during quiz selection",
          }
        );

, when i submit the form with the deepLinkingMessage i got, i am getting the following error in canvas lms browser:

{
"errors": {
"jwt": [
{
"attribute": "jwt",
"type": "JWT verification failure",
"message": "JWT verification failure"
}
]
}
}

when i verified the deepLinkingMessage in jwt.io, it is saying that it is a "Invalid Signature". I am not sure at which step I am going wrong