Using Canvas to log into an external web app based on course enrolled on

Jump to solution
Community Member

I was wondering if it's possible for users to log into an external web application but only based on if they are students who are enrolled on a particular course? 

I was also wondering if it's possible to only let the course owners have additional permissions within the web application (i.e. act as 'admins'). 

I'm new to using the Canvas Web API so I have no idea if something like this is possible or not. 


Thank you in advance! 🙂 

Labels (3)
1 Solution
Community Participant

Hi @ShannonClarke,

Your use case is precisely what LTI (Learning Tools Interoperability) is designed for! LTI is a standard that allows external web applications to integrate with learning management systems (LMS) like Canvas to provide seamless access for students and instructors.

With LTI, you can:

  1. Authenticate Users: You can use LTI to authenticate users based on their enrollment in specific courses. When a user accesses your external web application through Canvas, the LTI launch includes information about the course and user, allowing you to verify their enrollment and grant access accordingly.

  2. Differentiated Permissions: You can also use LTI to differentiate permissions. Teachers, TAs, and Designers can have additional permissions within your web application, essentially acting as admins or moderators.

  3. Seamless Integration: LTI provides a seamless integration experience for both users and developers. Users can access your application without needing separate credentials, and your application can use the LTI protocol to interact with Canvas and access course and user information.

To implement LTI in your application, you'll need to:

  • Handle LTI launches in your application to authenticate users and extract course/user information from the LTI launch parameters. The user's role information will be included in the launch parameters.
  • Implement role-based permissions to allow teachers to have additional privileges.
  • Register your application as an LTI tool in Canvas.

A few years ago, Claude Vervoort made an excellent video series on YouTube that goes over the LTI standard. There are also libraries and frameworks available for different programming languages to help you implement LTI effectively. Some popular LTI 1.3 libraries include:

If there's functionality that you need to use the Canvas API for that can't be accomplished in the LTI APIs, you can still generate an access token for the Canvas API. An example of this LTI application workflow is the UDOIT project. After successfully completing the LTI launch and OAuth process, the software uses the API token associated with the instructor, designer, or admin to scan course content on behalf of the logged-in user and generate a comprehensive accessibility report to identify and help address accessibility issues.

View solution in original post