guzzle error using members service with blackboard, not Brightspace

[phaazebroek]

Hi all,

it seems that we get a guzzle error:
"error":"invalid_jwt_token","error_description":"Invalid JWT signature java.lang.IllegalArgumentException: Unknown exception occurred with [jwks_endpoint], with message Failed to get key with kid [the correct key id]"

when using ->get_members() on the names and roles service.

This only happens on Blackboard, however; Brightspace does produce a result array with the correct users. To be complete: the OIDC login-and-redirect flow does work nicely, this issue occurs when subsequently using the members service on the context_membership_url that was acquired during the OIDC launch.

any thoughts on where we should check to solve this issue?
thanks!!

[dbhynds]

We integrate with several schools using Blackboard (and use NRPS) and have not seen this issue. I googled the error message you provided, and only got a single result 😢 (See the item under "Common Issues" here: https://sagevantage.softwareassist.com/Main.aspx?isreload=1&rurl=1). This page suggests that it's a configuration issue with Blackboard itself.

From your message, I assume you've done this, but I would start by making absolutely sure the jwks endpoint and kid are accurate, as well as verifying the data in the JWT. From there, I'd perhaps try to troubleshoot with the Blackboard admin.

Beyond that, I'm not sure what to recommend. If you come across any more information that you think might be relevant, please share.