https://help.powerschool.com/t5/Community-Forum/Schoology-Sending-LTI-Launch-Requests-with-Expired-JWTs/m-p/566161#M28679 <P>Hello everyone,</P><P>We are an educational platform that integrates with Schoology using <STRONG>LTI (LTI 1.3)</STRONG>.</P><P>According to our server logs, we are receiving multiple <STRONG>LTI launch requests</STRONG> from Schoology where the <STRONG>JWT is already expired</STRONG> at the time it reaches our launch endpoint. In many cases, the token is expired by several minutes, hours, and occasionally even days.</P><P>This is causing authentication failures on our side, as we strictly validate the <STRONG><EM>exp</EM></STRONG> claim in the JWT.</P><P>We would like to understand:</P><UL><LI><P>Is this behavior expected under any circumstances?</P></LI><LI><P>Could this be related to a <STRONG>Schoology configuration</STRONG>, caching, retries, or background jobs?</P></LI><LI><P>Are there known scenarios where Schoology might resend an old launch request or reuse a previously generated JWT?</P></LI><LI><P>Is there any recommended tolerance or configuration change we should apply, or should all launches always include a freshly generated JWT?</P></LI></UL><P>Any insight, documentation, or similar experiences would be greatly appreciated.</P><P>Thank you in advance for your help.</P> Wed, 28 Jan 2026 21:16:32 GMT danifandinonearpod 2026-01-28T21:16:32Z https://help.powerschool.com/t5/Community-Forum/Schoology-Sending-LTI-Launch-Requests-with-Expired-JWTs/m-p/566161#M28679 <P>Hello everyone,</P><P>We are an educational platform that integrates with Schoology using <STRONG>LTI (LTI 1.3)</STRONG>.</P><P>According to our server logs, we are receiving multiple <STRONG>LTI launch requests</STRONG> from Schoology where the <STRONG>JWT is already expired</STRONG> at the time it reaches our launch endpoint. In many cases, the token is expired by several minutes, hours, and occasionally even days.</P><P>This is causing authentication failures on our side, as we strictly validate the <STRONG><EM>exp</EM></STRONG> claim in the JWT.</P><P>We would like to understand:</P><UL><LI><P>Is this behavior expected under any circumstances?</P></LI><LI><P>Could this be related to a <STRONG>Schoology configuration</STRONG>, caching, retries, or background jobs?</P></LI><LI><P>Are there known scenarios where Schoology might resend an old launch request or reuse a previously generated JWT?</P></LI><LI><P>Is there any recommended tolerance or configuration change we should apply, or should all launches always include a freshly generated JWT?</P></LI></UL><P>Any insight, documentation, or similar experiences would be greatly appreciated.</P><P>Thank you in advance for your help.</P> Wed, 28 Jan 2026 21:16:32 GMT https://help.powerschool.com/t5/Community-Forum/Schoology-Sending-LTI-Launch-Requests-with-Expired-JWTs/m-p/566161#M28679 danifandinonearpod 2026-01-28T21:16:32Z