From 2c0bba1427ea74bd208d7e984c24e160ae54c4d0 Mon Sep 17 00:00:00 2001
From: Markos Gogoulos <markos@sixfeetup.com>
Date: Tue, 30 Dec 2025 15:30:08 +0200
Subject: [PATCH] a

---
 lti/adapters.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lti/adapters.py b/lti/adapters.py
index 5dc05487..bedfb620 100644
--- a/lti/adapters.py
+++ b/lti/adapters.py
@@ -8,11 +8,12 @@ import json
 import time
 from typing import Any, Dict, Optional
 
+import jwt
 import requests
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from django.core.cache import cache
-from jwcrypto import jwk, jwt
+from jwcrypto import jwk
 from pylti1p3.message_launch import MessageLaunch
 from pylti1p3.oidc_login import OIDCLogin
 from pylti1p3.registration import Registration
@@ -196,9 +197,11 @@ class DjangoServiceConnector(ServiceConnector):
 
         key_obj = LTIToolKeys.get_or_create_keys()
         jwk_obj = jwk.JWK(**key_obj.private_key_jwk)
+        pem_bytes = jwk_obj.export_to_pem(private_key=True, password=None)
+        private_key = serialization.load_pem_private_key(pem_bytes, password=None, backend=default_backend())
 
         now = int(time.time())
-        claims = {
+        payload = {
             'iss': self._registration.get_client_id(),
             'sub': self._registration.get_client_id(),
             'aud': self._registration.get_auth_token_url(),
@@ -207,9 +210,7 @@ class DjangoServiceConnector(ServiceConnector):
             'jti': str(time.time()),
         }
 
-        jwt_token = jwt.JWT(header={'alg': 'RS256', 'kid': key_obj.private_key_jwk['kid']}, claims=claims)
-        jwt_token.make_signed_token(jwk_obj)
-        client_assertion = jwt_token.serialize()
+        client_assertion = jwt.encode(payload, private_key, algorithm='RS256', headers={'kid': key_obj.private_key_jwk['kid']})
 
         token_url = self._registration.get_auth_token_url()
         data = {