pass kid on service and deep linking responses

Author: MartinLenord

src/lti/LTI_Deep_Link.php

@@ -27,7 +27,7 @@ public function get_response_jwt($resources) {
  "https://purl.imsglobal.org/spec/lti-dl/claim/content_items" => array_map(function($resource) { return $resource->to_array(); }, $resources),
  "https://purl.imsglobal.org/spec/lti-dl/claim/data" => $this->deep_link_settings['data'],
  ];
- return JWT::encode($message_jwt, $this->registration->get_tool_private_key(), 'RS256');
+ return JWT::encode($message_jwt, $this->registration->get_tool_private_key(), 'RS256', $this->registration->get_kid());
  }
 
  public function output_response_form($resources) {

src/lti/LTI_Registration.php

@@ -71,20 +71,23 @@ public function set_tool_private_key($tool_private_key) {
  return $this;
  }
 
+ public function get_kid() {
+ hash('sha256', trim($this->issuer . $this->client_id));
+ }
+
  public function get_public_jwk() {
  $key = new RSA();
  $key->setPrivateKey($this->get_tool_private_key());
  $key->setPublicKey();
- if ( !$key->publicExponent ){
+ if ( !$key->publicExponent ) {
  return [];
  }
- $kid = hash('sha256', trim($this->issuer . $this->client_id));
  $components = array(
  'kty' => 'RSA',
  'alg' => 'RS256',
  'e' => JWT::urlsafeB64Encode($key->publicExponent->toBytes()),
  'n' => JWT::urlsafeB64Encode($key->modulus->toBytes()),
- 'kid' => $kid,
+ 'kid' => $this->get_kid(),
  );
  if ($key->exponent != $key->publicExponent) {
  $components = array_merge($components, array(

src/lti/LTI_Service_Connector.php

@@ -34,7 +34,7 @@ public function get_access_token($scopes) {
  ];
 
  // Sign the JWT with our private key (given by the platform on registration)
- $jwt = JWT::encode($jwt_claim, $this->registration->get_tool_private_key(), 'RS256');
+ $jwt = JWT::encode($jwt_claim, $this->registration->get_tool_private_key(), 'RS256', $this->registration->get_kid());
 
  // Build auth token request headers
  $auth_request = [