LTI Advantage launch vs access token for NRPS

Jump to solution
JWildman
Community Member
‎10-25-2022 11:20 AM

I'm currently looking to integrate Canvas through LTI Advantage with a tool, mainly in order to pull course rosters through NRPS, the Names and Role Provisioning Service. I unfortunately need to build the integration from scratch, so I've been combing over the documentation provided by Canvas.

It seems to me that there are two separate flows that need to occur in order to call the NRPS API. Firstly, I need to go through the LTI Advantage Launch flow to get an id_token to get user/course info which I can use to validate the request. But then in order to call the Names and Role API, I need to go through another OAuth2 flow using client_credentials to get an access token that can then be put in the header to the Names and Role API request.

However, between the LTI launch and the Names and Role API request flow, it seems as though no information/tokens from the launch are necessary in order to make an NRPS request. Therefore, is it necessary to implement a launch in order to access NRPS? Could I theoretically authenticate using Canvas but then still be able to call NRPS so long as my tool has a client_id?

Labels (2)
Labels
1 Solution

Jump to solution
matthew_buckett
Community Contributor
‎10-31-2022 06:48 AM

I think you're correct on all your assumptions. Your tool can continue to make NRPS calls once it knows the URL for a particular course. If you enable the names and roles provisioning service for your LTI Developer Key then you should get a claim of https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice which includes the URL in the 'context_memberships_url' property that you can use. That should make your integration work across multiple LMS platforms as it doesn't depend on the Canvas specific URL patterns.

We've used the NRPS in several of our tools pretty successfully and haven't had too many problems.

View solution in original post

0 Likes