fix: fixed an inaccuracy in the protocol implementation

Author: KirillBorisovich

HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/LtiAccessTokenController.cs

@@ -49,7 +49,7 @@ public async Task<IActionResult> GetTokenAsync([FromForm] IFormCollection form)
 
         var unverifiedToken = handler.ReadJwtToken(clientAssertion);
 
-        var clientId = unverifiedToken.Subject;
+        var clientId = unverifiedToken.Issuer;
 
         var tool = toolService.GetByClientId(clientId);
         if (tool == null)
@@ -66,7 +66,7 @@ public async Task<IActionResult> GetTokenAsync([FromForm] IFormCollection form)
             handler.ValidateToken(clientAssertion, new TokenValidationParameters
             {
                 ValidateIssuer = true,
-                ValidIssuer = unverifiedToken.Issuer,
+                ValidIssuer = tool.ClientId,
 
                 ValidateAudience = true,
                 ValidAudience = tokenEndpointUrl,

HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/LtiDeepLinkingReturnController.cs

@@ -42,7 +42,7 @@ public async Task<IActionResult> OnDeepLinkingReturnAsync([FromForm] IFormCollec
         }
 
         var unverifiedToken = Handler.ReadJwtToken(tokenString);
-        var clientId = unverifiedToken.Subject;
+        var clientId = unverifiedToken.Issuer;
 
         var tool = toolService.GetByClientId(clientId);
         if (tool == null)
@@ -58,7 +58,7 @@ public async Task<IActionResult> OnDeepLinkingReturnAsync([FromForm] IFormCollec
             Handler.ValidateToken(tokenString, new TokenValidationParameters
             {
                 ValidateIssuer = true,
-                ValidIssuer = tool.issuer,
+                ValidIssuer = tool.ClientId,
                 ValidateAudience = true,
                 ValidAudience = ltiPlatformOptions.Value.Issuer,
                 ValidateLifetime = true,

HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/MockToolController.cs

@@ -36,7 +36,7 @@ private record MockTask(string Id, string Title, string Description, int Score);
     static MockToolController()
     {
         var rsa = RSA.Create(2048);
-        var keyId = "mock-tool-key-id";
+        const string keyId = "mock-tool-key-id";
         SigningKey = new RsaSecurityKey(rsa) { KeyId = keyId };
     }
 
@@ -172,8 +172,7 @@ public IActionResult SubmitDeepLinkingSelection(
 
         var payload = new JwtPayload
         {
-            { "iss", ToolIss },
-            { "sub", ToolNameId },
+            { "iss", ToolNameId },
             { "aud", platformIssuer },
             { "iat", DateTimeOffset.UtcNow.ToUnixTimeSeconds() },
             { "exp", DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds() },
@@ -333,8 +332,7 @@ public async Task<IActionResult> SendScore(
     private static string CreateClientAssertion(string platformIssuer)
     {
         var claims = new List<Claim> {
-            new(JwtRegisteredClaimNames.Iss, ToolIss),
-            new(JwtRegisteredClaimNames.Sub, ToolNameId),
+            new(JwtRegisteredClaimNames.Iss, ToolNameId),
             new(JwtRegisteredClaimNames.Aud, $"{platformIssuer}/api/lti/token"),
             new(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
             new(JwtRegisteredClaimNames.Exp, DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),