OAuth2 and LTI

Jump to solution
Community Novice

Hello all,

I am building LTI tool which will use user access token to access the course info. I finally got LTI launch and oauth2 access token working. Now I am confused why I need two pairs of ids and secrets:
1. LTI Consumer Key, LTI Shared Secret (this is for LTI launch and it is set when registering the tool)

2. Client ID, Client Token (this is to get access token through oauth2, this is set separately in Canvas developer keys section).

I thought that the idea of using oauth2 after LTI is successfully launched was that I don't need any developer keys set beforehand manually.

Or is there some common rule to set them the same
LTI Consumer Key = Client ID
LTI Shared Secret = Client Token ?



Labels (2)
1 Solution
Community Participant

Zbynek, I think I follow you here, and I'd say the overall ideas are that:

  1. LTI gets a Canvas user authenticated into your web application and,
  2. Client token gives your web app access back to the Canvas API.

So they handle very different parts of the overall process. Some LTI apps may not even need access back to Canvas, but it sounds like you do. So you'd set up and use a developer key, which in turn lets you get client tokens and access the Canvas REST API.

View solution in original post