LTI 1.3 launch => iframe cannot get log_session_id cookie

Jump to solution
TinaWong
Community Explorer
‎04-12-2023 10:04 PM

Hi all, 

(I use sandbox with AWS Canvas Subscripiton.)

Our tool requires user authorization for using Calendar API. However, users would be redirectd to Canvas login page when asking for permissions with authorization code path in iframe. It works perfectly when opening in a new tab, though. I wonder how I could run auth redirecting smoothly in iframe.

Could someone please give me some directions so that I could know where to work on?

 

Many thanks,

Tina

Preview file
54 KB
0 Likes
1 Solution

Jump to solution
matthew_buckett
Community Contributor
‎04-17-2023 12:33 AM

There are problems with LTI tools running in iframes getting their cookies blocked, but I haven't seen problems with the actual Canvas cookies being blocked. This isn't something like using a different domain for the OAuth2 flow and so you're not logged in there? Is the browser sending the Canvas session cookie on the request in the iframe?

We normally launch the OAuth2 flow to ask the user for access in a new browser tab and then use a window.postMessage to tell the LTI tool that the token has been granted, but if I change this to be in the iframe it still seems to work ok.

View solution in original post