Hi Lyle,
Let's see if we can point you in the right direction. I wanted to check a couple of things first, as you are using developer keys, can I assume you are using OAUTH to then generate a user token and then using that user token for authorisation?
The developer key is intended for enabling OAUTH apps to securely authenticate a user and then generate a token on their account.
I will admit my knowledge of how you would do this from within LTI is rather limited (I have not developed an LTI app myself), however, should be able to go through the logic.
Also, can you possibly provide some insight into exactly what you are trying to attempt (almost a high level architecture), and is this for a small, limited number of users, or something wider you are looking to roll out? That will help ascertain a couple of different approaches.
I also did some digging through the community and managed to stumble across an example of an LTI that does OAUTH for access to the Canvas APIs also. It might not be in the same language, but, you may be able to review for the general logic GitHub - ucfopen/lti-template-flask-oauth-tokens: LTI template written in Python using the Flask fra...
I found this linked in the following thread https://community.canvaslms.com/message/163191-re-all-things-api?messageTarget=all&start=250&mode=co... (which is a fantastic bedtime read!) lots of great little tidbits here and there.
While I haven't been able to give you a complete answer, I am hoping that points you in the right direction to get you started and link into a few extra resources within the community. Please let us know how you get on and if there is anything else we an do, we will absolutely do our best!
Stuart
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.