LTI messages are not equivalent across different security models

svickers2
Community Contributor

LTI launch messages signed with OAuth 1.0A included the following custom parameters by default (i.e. without asking):

  • custom_canvas_api_domain
  • custom_canvas_course_id
  • custom_canvas_enrollment_state
  • custom_canvas_user_id
  • custom_canvas_user_login_id
  • custom_canvas_workflow_state

However, this does not appear to be the case with LTI 1.3 launch messages.  Is it intentional that LTI messages signed using different security models should not have equivalent contents?  Do custom parameter substitution variables exist for each of the above values so they could be requested manually in an LTI 1.3 message?

Thanks.