Community Help

jloiacon · ‎04-02-2018

I developed an LTI tool and tried to masquerade as a Teacher to test the tool, but Canvas gave me the following error.

Is there something special that I need to do to allow my tool work when masquerading? It looks like it has to do with using a developer key to generate an oauth token, but I'm not sure how to get oauth to work when masquerading or to get my tool to identify when the user coming from Canvas is masquerading.

pklove · ‎04-03-2018

Just had time to emulate this and I see where you get the message.

Canvas won't let you obtain a token when masquerading. I doubt there is any way around this.

The only way to really test something as a user is to actually log in as that user. As Stuart does, this means you need test users with the particular role you are testing.

View solution in original post

stuart_ryan · ‎04-02-2018

Hi @jloiacon ,

I will admit I don't have any experience with developing LTIs, however I can offer some advice on what we did for this. I had always assumed that this was a feature within Canvas (i.e. ensuring someone masquerading could only do so within Canvas, and not other tools). I anticipate this is due to auditing information being readily available within Canvas, however the external tool would only see what looked like the original user, hence could become an auditing risk.

The way we have bent around this is by creating a small number of 'testing' accounts that we can issue out temporarily on an as-needed basis to academics and learning designers to test functionality where the student-view is insufficient.

As the testing accounts have an email address, this provisions a new account through to linked LTIs and therefore enables testing without the need for masquerading.

Is that something that might satisfy your use case?

Cheers,
Stuart

pklove · ‎04-02-2018

For the masquerade identifying, there are custom variables that can be used. For example, Canvas.masqueradingUser.id will give you the Canvas user id for the masquerading user.

See: LTI Variable Substitutions

pklove · ‎04-02-2018

Can you clarify the workflow and at which point you get the message? Does the LTI tool launch okay (it should) and then you get the message when attempting to obtain an access token using OAuth?

If its the latter, and given the message, it looks like you probably are simply not allowed to obtain a token when masquerading. That is, the only person who can authorise a tool to act as them for API calls using OAuth is that person, not a third party masquerading as them.

pklove · ‎04-03-2018

Just had time to emulate this and I see where you get the message.

Canvas won't let you obtain a token when masquerading. I doubt there is any way around this.

The only way to really test something as a user is to actually log in as that user. As Stuart does, this means you need test users with the particular role you are testing.

Masquerading to Test LTI Tools

New Media Player in open source version

Canvas API adds "-#" to the end of the URL when cr...

Question on the File API UUID Deprecation

displaying and submitting a student_annotation ass...

Gray screen for Microsoft OneDrive LTI - Local hos...

Canvas API Working Without Token?

New Media Player in open source version

Canvas API adds "-#" to the end of the URL when cr...

Question on the File API UUID Deprecation

Does Canvas provide /files/:id/create_success?uuid...

You're signed out

Masquerading to Test LTI Tools

Community Help

View our top guides and resources: