If I understand the LTI 1.3 specs correctly, it sits on top of the OpenID Connect specs. According to the specs in section 4, Final: OpenID Connect Discovery 1.0 incorporating errata set 1, there should be a .well-known/openid-configuration endpoint. I do not see that Canvas provides this endpoint. Are there plans to add it?
@chase_willden my understanding is that LTI 1.3 extends the OpenID Connect Core in a way which doesn't require that particular discovery endpoint. Third-party login initiation is the key piece of OIDC Core utilized. For more on how LTI 1.3 builds on that part of OIDC, consult this part of the IMS Security Framework 1.0 public document.
And, assuming I'm not mixing up meanings of discovery here, the Canvas platform's implementation of LTI 1.3 provides an authorization endpoint which redirects from a consistent URL, helping to ensure an authorized issuer regardless of the Canvas instance where the tool launch is happening. See step 2 here:
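Added example, not part of the original post and not Canvas or IMS code: a tool-side handler for the third-party login initiation described above, using a statically stored registration in place of a discovery document. The URLs, client ID, `REGISTRATIONS` table and function names are constructed placeholders, and this sketch assumes the platform sends `client_id` with the initiation request.

```python
import secrets
from urllib.parse import urlencode

# Constructed static registration; placeholder values, not real Canvas URLs.
# With no discovery document to fetch, the tool records these at setup time.
REGISTRATIONS = {
    ("https://platform.example", "client-123"): {
        "auth_endpoint": "https://platform.example/lti/authorize",
        "redirect_uri": "https://tool.example/lti/launch",
    },
}


class LoginInitiationError(ValueError):
    """Raised when a login initiation request must be rejected."""


def build_auth_request(params, session):
    """Validate a third-party login initiation; return the redirect URL."""
    for name in ("iss", "login_hint", "target_link_uri"):
        if not params.get(name):
            raise LoginInitiationError(f"missing parameter: {name}")
    # Look up the platform by issuer and client_id. The authorization endpoint
    # comes from the tool's own records, never from the incoming request.
    reg = REGISTRATIONS.get((params["iss"], params.get("client_id")))
    if reg is None:
        raise LoginInitiationError("unregistered issuer or client_id")
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    # Keep state -> nonce server-side so the id_token that comes back can be
    # tied to this browser session and its nonce checked exactly once.
    session[state] = {"nonce": nonce, "iss": params["iss"]}
    query = {
        "scope": "openid",
        "response_type": "id_token",
        "response_mode": "form_post",
        "prompt": "none",
        "client_id": params["client_id"],
        "redirect_uri": reg["redirect_uri"],
        "login_hint": params["login_hint"],
        "state": state,
        "nonce": nonce,
    }
    if params.get("lti_message_hint"):
        query["lti_message_hint"] = params["lti_message_hint"]
    return reg["auth_endpoint"] + "?" + urlencode(query)
```

On the launch that follows, the tool would look up the returned `state` in `session` and compare the stored issuer and nonce against the claims in the signed `id_token`.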
You are correct, Canvas doesn't have support for this yet, but we do plan to support it in the future.
The IMS LTI working group has a proposed specification in progress to add support for this as an additional capability similar to Names and Roles Provisioning Service to complement LTI 1.3 and its use of OIDC. We have a few challenges we need to figure out as we work through adding this support. The specification allows for tools to not only register through the well-known endpoint, but to also send through updates. We'd like to support both capabilities.
With more schools/institutions concerned about what data they are approving access to, we'll have to consider how updates can go through an approval process by Canvas admins before they can work within their respective Canvas accounts.
Hi
Is there any update on a timeline for this by any chance please?
Is there any update on this?
We were looking at this as well, and it still doesn't seem to be implemented. Now that IMS Security Framework Version 1.1 has been finally released (https://www.imsglobal.org/spec/security/v1p1), are there any updates to the timeline?
Thanks!