Peter, could you provide the code and steps you followed for this 1.3 implementation? Is it the same code as here: https://community.canvaslms.com/thread/24209-hire-an-lti-consultantfreelancer?commentID=107773#comme...
No, not the same code. 1.3 is completely different to 1.1/1.2.
In terms of steps etc., we have a live test tool that shows the process and what is exchanged, but that probably won't be made public until Canvas move 1.3 out of beta and into test.
This covers configuration at the Canvas end, but it doesn't help with configuration at the tool end.
For example, where do we find Canvas documentation that has things like the JWK set URL? People have managed to find or guess some of these, but where are they officially specified?
Thanks! That's what we needed.
Why cannot the basics go under External Tools at Canvas LMS REST API Documentation
All we really need to get started is the JWK URL (https://canvas.instructure.com/api/lti/security/jwks), the authorize endpoint (https://canvas.instructure.com/api/lti/authorize_redirect) and to know that to call services we use OAuth2 as per the Canvas REST API.
Peter, thats the API documentation for listing and updating tools via the API so it would be confusing. I think a dedicated part somewhere else in those docs to LTI specifics including placement would be great however.
I meant the "External Tools" section --- bold heading near the end of the page, not the alphabetically-in-order "External Tools" link to "External Tools API".
With the latest documentation update the standard documentation on https://api.instructure.com has been updated to reference LTI 1.3.
There is a nice overview of LTI 1.3 for developers on Configuring LTI Advantage Tools - Canvas LMS REST API Documentation
Has anyone got any examples of code for this, especially in PHP?
We're working on an LTI at the moment that includes passback, but have been having documentation issues working out how to do it in LTI 1.1. Now we're on the cusp of getting them resolved (waiting for a response to a support ticket, to check why the XML I sent it failed as the OAuth bit seems to be working well at least not erroring), I read we should be considering doing passback differently.
As a quick fudge, we used an API key for our site to pass the grade back (as we get the course, assignment and user IDs) and that works. But the plan is to roll this LTI out to other institutions so if there's a more universal API-key-free way of doing this I think we should be implementing it before it gets that far.