Student account with multiple emails: LTI subject changed after adding second email via course invitation link!

Davidemolin
Community Explorer

I need some help.

I'm integrating our external platform as an LTI tool. Everything works as expected and we can launch our tool from Canvas.

Though, I encountered an unexpected issue when dealing with students with multiple email addresses that I believe is a bug in Canvas. These are the steps to reproduce:

- Log in as instructor. Invite student to course via email (this will send out an email invitation link)

- Student (1) clicks on the link and registers as a new student

- Instructor invites another student (different email) to the same course (this email is used by the same student that registered previously)

- Student (1), in the same browser where he's already logged in, pastes the second invitation link. Canvas asks if we want to just add the email to the currently logged in user or create a new user. We answer "Yes, Add email address". This adds the new email address to the existing Canvas student account.

- Student (1) now tries to launch the external tool again.

What happens now is that the LTI message sent to the tool will contain a different "subject" (sub), instead of the one I would expect to see, since the account we're using is the same as before, but now with a "different" LTI sub! This is not in line with the LTI 1.3 Core specifications, which clearly state that:

"sub: MUST be a stable locally unique to the iss (Issuer) identifier for the actual, authenticated End-User that initiated the launch."

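A tool-side check for the behaviour described in the post, as an added example that is not part of the original post or of Canvas: it keys local accounts on (iss, sub) and flags a launch whose email was already seen under a different sub, without merging accounts automatically. It assumes the id_token signature has already been verified and that the launch carries the optional `email` claim; the `IdentityStore` class and the sample claims are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class IdentityStore:
    """Maps LTI 1.3 launches to local users, keyed on (iss, sub)."""
    by_subject: dict = field(default_factory=dict)  # (iss, sub) -> local user id
    by_email: dict = field(default_factory=dict)    # (iss, email) -> first (iss, sub) seen
    review_queue: list = field(default_factory=list)
    next_id: int = 1

    def resolve(self, claims):
        """Return (local_user_id, status) for already-verified id_token claims.

        status is "known", "new", or "sub_drift" (the same issuer and email
        were previously seen under a different sub).
        """
        iss, sub = claims["iss"], claims["sub"]
        email = (claims.get("email") or "").strip().lower()
        key = (iss, sub)

        if key in self.by_subject:
            status = "known"
        else:
            prior = self.by_email.get((iss, email)) if email else None
            status = "sub_drift" if prior and prior != key else "new"
            self.by_subject[key] = self.next_id
            self.next_id += 1
            if status == "sub_drift":
                # Email is not an identity key: do not merge automatically,
                # record both subjects so an operator can decide.
                self.review_queue.append({"iss": iss, "email": email,
                                          "old_sub": prior[1], "new_sub": sub})
        if email:
            self.by_email.setdefault((iss, email), key)
        return self.by_subject[key], status


# Constructed sample claims (not taken from a real Canvas launch).
FIRST_LAUNCH = {"iss": "https://canvas.example", "sub": "sub-aaa",
                "email": "Student@example.edu"}
LATER_LAUNCH = {"iss": "https://canvas.example", "sub": "sub-bbb",
                "email": "student@example.edu"}

if __name__ == "__main__":
    store = IdentityStore()
    print(store.resolve(FIRST_LAUNCH))
    print(store.resolve(LATER_LAUNCH))
    print(store.review_queue)
```

If the later launch carries only the newly added email address, this check sees an ordinary new user, so it narrows the problem rather than removing it.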