Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Member

LTI 1.3 Integration Testing Error

I am currently testing our LTI 1.3 Tool with Canvas, and after the OIDC Third Party Login in which Canvas sends login parameters including the lti_message_hint, we redirect with a request to the authorize URL in order to request the id_token (per the LTI 1.3 OIDC flow). However, when we make this request to the authorize URL I receive the error: 

while(1);{"status":"bad_request","message":"Invalid lti_message_hint","error_report_id":170209301}

Even though we're sending back the exact lti_message_hint that we received on the OIDC TPL request (per the LTI 1.3 Spec). Any insight into why I might be getting this error would be greatly appreciated.

Labels (1)
13 Replies
Community Member

Can you post the actual URL you are re-directing to?  Just alter any sensitive data.

So I was able to resolve the other issue, but I'm now getting a server error when I send the request to Canvas for an id_token after the OIDC TPL. Here is the request url and error:

while(1);{"errors":[{"message":"An error occurred.","error_code":"internal_server_error"}],"error_report_id":145}

Your assistance is greatly appreciated! pklove

Community Member

Which Canvas server are you sending the request to?

It is a image loaded on to one of the companies private servers, are there public accessible servers for testing pklove‌?

Community Member

I've only done LTI 1.3 against Instructure hosted Canvas.

For those you use: 

Although also works.

New Member

 @haeven ‌ I'm getting the same "Invalid lti_message_hint error" from your original post. How did you resolve that?

Thanks for your help!

Update: I wasn't forwarding the value properly. So I've now advanced past the lti_message_hint error and on to a generic server error. This one should be fun to debug Smiley Happy 

This is also where we are at with our testing, we tested with a customer's dev environment and we did not receive this error so we concluded that is has something to do with our Canvas image/deployment.

New Member

Did anybody found solution for this? I on the other hand keep getting invalid_scope error when I pass any scope or no at all. I tried with canvas scopes and with `openid` one.

Invalid Scope errors could mean you're either requesting a scope not granted to the developer key or you're using an improperly crafted scope name (the scopes are in URI format). Double check your developer key to make sure you've granted the particular permission(s) you're requesting (I assume you're requesting something like view users/roles, view assignments, modify grades, etc) or double check the format of the scope you're passing.

Here's an example of the POST parameters I'm using, requesting ALL scope permissions (with our signed JWT appended at the end)

grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&scope=" + jwt