Schoology Sending LTI Launch Requests with Expired JWTs

danifandinonearpod · ‎01-28-2026

Hello everyone,

We are an educational platform that integrates with Schoology using LTI (LTI 1.3).

According to our server logs, we are receiving multiple LTI launch requests from Schoology where the JWT is already expired at the time it reaches our launch endpoint. In many cases, the token is expired by several minutes, hours, and occasionally even days.

This is causing authentication failures on our side, as we strictly validate the exp claim in the JWT.

We would like to understand:

Is this behavior expected under any circumstances?
Could this be related to a Schoology configuration, caching, retries, or background jobs?
Are there known scenarios where Schoology might resend an old launch request or reuse a previously generated JWT?
Is there any recommended tolerance or configuration change we should apply, or should all launches always include a freshly generated JWT?

Any insight, documentation, or similar experiences would be greatly appreciated.

Thank you in advance for your help.

SchoolMessenger CMA

SchoolMessenger K-12 Social

SchoolMessenger PermissionClick

Enrollment Express Family

Enrollment Family

Headed2 Family

PowerSchool Mobile Family

Behavior Support Family

Unified Talent Applicant Support

All Events

PowerSchool Ideas Portal

Adoption Resources

Customer Education

Technical Solutions Group

Customer Success Knowledge Bases

PowerSchool Mentors

PowerSchool Champions

Welcome and Getting Started

Announcements: What's New

Community Forum

PeopleAdmin Applicant Support