courtney_osulli
Community Participant

LTI: Creating a deep link to external service using User Integration ID

Hey,

Just wondering if any one has been able to create an LTI that uses an external parties deeplink so that i can add the link somewhere inside Canvas. We have the data we need to pass in the integration id field of all users in our instance but I'm a bit confused with the LTI creation process. 

I have tried following the instructions on the given on the LTI documentation site but I'm getting a bit confused with the login url etc. 

Below is what I have. Variables have been replaced for submission. 

{  
   "title":"DeepLink - Student",
   "scopes":[ ],
   "extensions":[  
      {  
         "domain":"custom.deeplink.com",
         "tool_id":"add-deepink-canvas_student",
         "platform":"canvas.instructure.com",
         "settings":{  
            "text":"DeepLink for student",
            "icon_url":"{URLtoIMAGE}",
            "placements":[  
               {  
                  "text":"View DeepLink for $Canvas.user.name",
                  "enabled":true,
                  "icon_url":"{URLtoIMAGE}",
                  "placement":"user_navigation",
                  "message_type":"LtiResourceLinkRequest",
                  "target_link_uri":"{URLToService}?ProfileExternalId=$Canvas.user.sisIntegrationId",
                  "canvas_icon_class":"icon-lti"
                 
               }
            ]
         }
      }
   ],
   "public_jwk":{  
      "kty":"RSA",
      "alg":"RS256",
      "e":"AQAB",
      "kid":"8f796169-0ac4-48a3-a202-fa4f3d814fcd",
      "n":"nZD7QWmIwj-3N_RZ1qJjX6CdibU87y2l02yMay4KunambalP9g0fU9yZLwLX9WYJINcXZDUf6QeZ-SSbblET-h8Q4OvfSQ7iuu0WqcvBGy8M0qoZ7I-NiChw8dyybMJHgpiP_AyxpCQnp3bQ6829kb3fopbb4cAkOilwVRBYPhRLboXma0cwcllJHPLvMp1oGa7Ad8osmmJhXhM9qdFFASg_OCQdPnYVzp8gOFeOGwlXfSFEgt5vgeU25E-ycUOREcnP7BnMUk7wpwYqlE537LWGOV5z_1Dqcqc9LmN-z4HmNV7b23QZW4_mzKIOY4IqjmnUGgLU9ycFj5YGDCts7Q",
      "use":"sig"
   },
   
   "target_link_uri":"URLToService",
   "description":"DeepLink",
   "oidc_initiation_url":"https://canvas.test.instructure.com",
   
   
}

 

As I'm not trying to leave Canvas to do anything should the oidc be my canvas instance?


Am i trying to do something you can't do?  I just want to be able to add the link in here to the user navigation for everyone.  Is the JWT bit correct too? I am very confused with this part as I don't really understand it. 

Any assistance would be greatly appreciated?

Kind Regards

Courtney O'Sullivan

0 Kudos
4 Replies
matthew_buckett
Community Contributor

Hiya Courtney,

Can I just check I'm understanding what you are trying to achieve? You're trying to get a LTI tool link to appear in the user_navigation placement, so that when you click on the Account icon in the global navigation in Canvas it appears there, a bit like "Calendar Sync" in the attached screenshot?

If so I think you're getting close, normally if you want to pass across additional data in the LTI launch you use the custom fields property:

"title":"DeepLink - Student",
"custom_fields": {
"ProfileExternalId": "$Canvas.user.sisIntegrationId"
},
"scopes":[],
...

 Then when Canvas performs the LTI launch the integration ID will be in the custom claims of the JWT.

The oidc URL should be a URL in your application that starts the OpenID flow for authenticating the LTI launch. Using LTI 1.3 you need to support the OpenID flow initiated by a 3rd party, this is outlined in:  https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin 

A simpler solution may well be to use LTI 1.1 (it's no longer advised to be used), as although you should verify the OAuth signature you can see something working without doing this first. However do be aware that if you don't verify the signature there is nothing to stop one user impersonating another.

NB: Calling it deep linking confused me at first because there is a specific thing in the LTI standards called "deep linking", but I don't think you are actually trying to do this.

Hi Matthew,

Thanks for for the reply, sorry my terminology was based on what the linking service calls it which is likely not correct. 

The link I need to add just need the Integration ID value as part of the query string as that is all the external service knows about.
i.e.: https://externalserviceiwant.com.au?ProfileExternalId={IntegrationID}

Was just wanting to have that on a per user basis ion the profile. The external site won't know to look in the JWT for the value so what I'm reading here is that I'm probably not going to get the outcome I need with just the LTI.

By the sounds I will need to create a redirect web app to manage this. 
Will post how I go with it all if I can get it working,

Thank you very much for your reply.  

Kind Regards,

Courtney 

0 Kudos

There is the existing LTI 1.1 app that you can add to your Canvas instance that's available in the Edu App Center https://www.eduappcenter.com/apps/63

This almost does what you want, it's just missing the part to put one of the LTI variables into the URL that the user is redirected to.

If you have a service that handles the LTI redirect then there's information about adding the LTI to Canvas here: https://community.canvaslms.com/t5/Admin-Guide/How-do-I-configure-an-external-app-for-an-account-usi...

0 Kudos

Hiya,

We run a service that you can add as a LTI 1.1 tool to canvas that will redirect to another site and include information from Canvas in the redirect. If you'd like to try this out add a external app to your canvas installation (this is configured to appear on the user navigation) and put this XML in:

https://redirect.wyelearning.com/config.xml?url=https%3A%2F%2Fexternalserviceiwant.com.au%3FProfileE...

or if you want it to appear in a new tab/window:

https://redirect.wyelearning.com/config.xml?url=https%3A%2F%2Fexternalserviceiwant.com.au%3FProfileE...

You can customise the URL you want to redirect to. For users without a integration ID an empty string will get sent.

There are details about how to configure an LTI 1.1 tool in an account on: https://community.canvaslms.com/t5/Admin-Guide/How-do-I-configure-an-external-app-for-an-account-usi...

For this tool there doesn't need to be any key or secret as it doesn't require a signature.

I hope that's useful.

0 Kudos