Hi @nablisoft,
From your error logs, it seems like the JWK Signing keys aren’t correctly set.
Since Ironwood, edx-platform
uses asymmetric JWT cryptographic keys for signing JWTs (you can read more about this here).
To fix that issue, you’ll need to generate a JWK key pair and set both EDXAPP_JWT_PRIVATE_SIGNING_JWK
and COMMON_JWT_PUBLIC_SIGNING_JWK_SET
on your instance settings.
Generating the keys
To generate these keys, you can use this guide.
You’ll need two values:
serialized_public_keys_json
serialized_keypair_json
Instance settings
If you are deploying a new instance
Add these two Ansible variables to the configuration file (pick the values from the previous step):
COMMON_JWT_PUBLIC_SIGNING_JWK_SET: 'contents of serialized_public_keys_json'
EDXAPP_JWT_PRIVATE_SIGNING_JWK: 'contents of serialized_keypair_json'
If you instance is already up and running
You’ll need to set these values directly on lms.env.json
:
// Look for the JWT_AUTH key
{
...
"JWT_AUTH": {
...,
"JWT_PRIVATE_SIGNING_JWK": "contents of serialized_keypair_json",
"JWT_PUBLIC_SIGNING_JWK_SET": "contents of serialized_public_keys_json",
},
...
}
And you also need to set JWT_PUBLIC_SIGNING_JWK_SET
on the configuration files of services you use (discovery, ecommerce, etc). You’ll need to look at the configuration files and search for the JWT_AUTH
key, and then set JWT_PUBLIC_SIGNING_JWK_SET
.