jloiacon
Community Member

Masquerading to Test LTI Tools


I developed an LTI tool and tried to masquerade as a Teacher to test the tool, but Canvas gave me the following error.

[Image: masquerade issue]

Is there something special that I need to do to allow my tool to work when masquerading? It looks like it has to do with using a developer key to generate an OAuth token, but I'm not sure how to get OAuth to work when masquerading or to get my tool to identify when the user coming from Canvas is masquerading.

Accepted Solutions
pklove
Community Champion

Just had time to emulate this and I see where you get the message.

Canvas won't let you obtain a token when masquerading.  I doubt there is any way around this.

The only way to really test something as a user is to actually log in as that user.  As Stuart does, this means you need test users with the particular role you are testing.


4 Replies
stuart_ryan
Community Coach

Hi @jloiacon,

I will admit I don't have any experience with developing LTIs, however I can offer some advice on what we did for this. I had always assumed that this was a feature within Canvas (i.e. ensuring someone masquerading could only do so within Canvas, and not other tools). I anticipate this is due to auditing information being readily available within Canvas, however the external tool would only see what looked like the original user, hence could become an auditing risk.

The way we have bent around this is by creating a small number of 'testing' accounts that we can issue out temporarily on an as-needed basis to academics and learning designers to test functionality where the student-view is insufficient.

As the testing accounts have an email address, this provisions a new account through to linked LTIs and therefore enables testing without the need for masquerading.

Is that something that might satisfy your use case?

Cheers,
Stuart

pklove
Community Champion

For the masquerade identifying, there are custom variables that can be used.  For example, Canvas.masqueradingUser.id will give you the Canvas user id for the masquerading user.

See: LTI Variable Substitutions 
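
One way a tool could act on that variable, as an added example that is not part of the original post or of Canvas itself: it detects a masquerade at launch, skips the OAuth redirect, and records who is really acting. It assumes the tool's custom fields include `masquerading_user_id=$Canvas.masqueradingUser.id`, that the launch is LTI 1.1-style (so the value arrives as `custom_masquerading_user_id`), and that the launch signature has already been verified; the field name, class and function names are hypothetical.

```python
# Added example: tool-side masquerade detection from LTI launch parameters.
# Assumption: the tool's custom fields in Canvas include
#   masquerading_user_id=$Canvas.masqueradingUser.id
# so the launch carries the value as custom_masquerading_user_id.
from dataclasses import dataclass
from typing import Mapping, Optional

MASQ_FIELD = "custom_masquerading_user_id"  # hypothetical field name for this example


@dataclass(frozen=True)
class LaunchContext:
    user_id: str                   # user the launch is presented as
    acting_user_id: Optional[str]  # real user behind a masquerade, if any

    @property
    def masquerading(self) -> bool:
        return self.acting_user_id is not None


def parse_launch(params: Mapping[str, str]) -> LaunchContext:
    """Build a LaunchContext from already signature-verified launch parameters."""
    raw = (params.get(MASQ_FIELD) or "").strip()
    # Assumption: outside a masquerade the value is missing, empty, or arrives
    # as the unexpanded "$Canvas..." placeholder; treat all three as "no".
    acting = None if not raw or raw.startswith("$") else raw
    return LaunchContext(user_id=params.get("user_id", ""), acting_user_id=acting)


def next_step(ctx: LaunchContext) -> str:
    """Decide what the tool does after launch."""
    if ctx.masquerading:
        # Per the thread, Canvas will not issue a token while masquerading,
        # so skip the OAuth redirect and keep the real actor for the tool's
        # own audit trail.
        return f"no-oauth: user {ctx.acting_user_id} acting as {ctx.user_id}"
    return "start-oauth"


# Constructed sample launches (all values are made up for illustration).
normal = {"user_id": "abc123", MASQ_FIELD: "$Canvas.masqueradingUser.id"}
masked = {"user_id": "abc123", MASQ_FIELD: "42"}

if __name__ == "__main__":
    print(next_step(parse_launch(normal)))
    print(next_step(parse_launch(masked)))
```
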

pklove
Community Champion

Can you clarify the workflow and at which point you get the message?   Does the LTI tool launch okay (it should) and then you get the message when attempting to obtain an access token using OAuth?

If it's the latter, and given the message, it looks like you probably are simply not allowed to obtain a token when masquerading. That is, the only person who can authorise a tool to act as them for API calls using OAuth is that person, not a third party masquerading as them.
