Sharebar?

OAuth 2.0 Access Token - Invalid Scope

OAuth 2.0 Access Token - Invalid Scope

Using schoology and been trying to use their oauth 2.0 access token endpoint get an access token using a jwt token we obtained though the oidc authorization endpoint. at first it was throwing errors about how we signed the client_assertion jwt, we were able to find the issue and move forward, it now keeps complaining about the scope. it keeps throwing an error of `invalid scope`. tried many different options for the scope but none seem to work.

I've also seen a few scopes while searching here as well as the scopes used in the following package: https://github.com/celtic-project/LTI-PHP

our code looks something like this:

endpoint: https://lti-service.svc.schoology.com/lti-service/access-token

```
'grant_type' => 'client_credentials',
'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
'client_assertion' => '....',
'scope' => 'https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly',
```

what is it expecting as the scope? what are the available scopes?

we use LTI 1.3

thank you!

update

looks like it now works, we get back a JWT token that looks like this:

```
{
"sub": "xxxxx",
"iat": 1696281538,
"exp": 1696285138,
"imsglobal.org.security.scope": "https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly https://purl.imsglobal.org/spec/lti-ags/scope/lineitem https://purl.imsglobal.org/spec/lti-ags/scope/score https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly"
}
```

now since we use schoology we should be able to query api.schoology.com ? but it always returns a 401. using the LTI method are we supposed to hit a different api endpoint?

thank you.