Degraded AWS performance is currently impacting some Canvas users in the North American region. Check Canvas Status for updates.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mohammad-fard
Community Member

deep linking

Jump to solution

Hi

I'm an external tool developer. We've implemented LTI 1.3 specs for our tool but have a problem with deep linking with Canvas.

We've created a course as an instructor and inside of the course created an assignment. For submission type, We've selected an external tool, and when we clicked the "find" button and select our tool another window shows our HTML. On our page, the students should select a button and after that, the tool returns a JavaScript with auto-submit functionality. The problem is when it post encoded deep linking return message as a JWT with proper parameters to "deep_link_return_url" we get an error in Canvas.

1.jpg

The return URL is "https://OURNAME.instructure.com/courses/12/deep_linking_response?modal=true" and we post JWT to this URL.

 

Our sample JWT has these parameters and it encoded with the tool private key.

2.jpg

 

What should we do to overcome this issue and send a proper message to Canvas?

 

 

Labels (3)
0 Kudos
1 Solution

Accepted Solutions
svickers2
Community Participant

Another couple of things to check:

  1. Did the deep linking request include a data property in the https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings claim?  If so, this should be included in the response as a https://purl.imsglobal.org/spec/lti-dl/claim/data claim.
  2. Is the endpoint which has been configured in Canvas for accessing your public key working?  Try navigating to it directly and make sure a key is returned with the same kid value as being used for signing your message.

 

View solution in original post

7 Replies
matthew_buckett
Community Contributor

The data encoded in the JWT you are sending back looks fine (a very similar JWT works fine for me).

I have seen the error you are encountering when I was sending back the JWT using a lowercase form parameter 'jwt' instead of an uppercase one 'JWT'. Could that be what's wrong in your case?

This part of the specification: https://www.imsglobal.org/spec/lti-dl/v2p0#deep-linking-response-message says that it has to be uppercase.

svickers2
Community Participant

Another couple of things to check:

  1. Did the deep linking request include a data property in the https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings claim?  If so, this should be included in the response as a https://purl.imsglobal.org/spec/lti-dl/claim/data claim.
  2. Is the endpoint which has been configured in Canvas for accessing your public key working?  Try navigating to it directly and make sure a key is returned with the same kid value as being used for signing your message.

 

View solution in original post

@matthew_buckett Thanks for the replay, the name is in uppercase.

This is the script that we use to send JWT back to Canvas.

<form id="lti13_deep_link_auto_submit" action="https://OURNAME.instructure.com/courses/12/deep_linking_response?modal=false" method="POST"><input type="hidden" name="JWT" value="TOKEN_VALUE" /><input type="submit" name="Go" /></form><script type="text/javascript">document.forms['lti13_deep_link_auto_submit'].submit();</script>

@svickers2 Thanks for the replay

1: The deep linking request has not data property.

2: The endpoint is working and I have checked kid values, they are the same.

svickers2
Community Participant

Try not giving your submit button a name so that it does not get included in the POST data.  Have you checked the signature of your JWT against your published public key?

matthew_buckett
Community Contributor

If I put an incorrect key in my developer key settings I get:

{"errors":{"jwt":[{"attribute":"jwt","type":"JWT verification failure","message":"JWT verification failure"}]}}

when I try to return a content item.

The only way it breaks in the same way for me is if I'm not sending the JWT back correctly (form parameter issue), but it looks like it's all correct from the snippet you sent. I send content items back like this (React):

      <form action={returnUrl} method='POST'>
        <input type='hidden' name='JWT' value={this.state.jwt} />
        <input type='submit' value='Go' />
      </form>

I am not auto-submitting at the moment as I was debugging some things.

My return URL is very similar (just different deployment and course).

@svickers2 As you mentioned, it seems the problem was Canvas hadn't accessed our public key because of using a self-sign SSL certificate in our public key endpoint. After we paste our public key details in the developer key instead of using the public JWK URL, the problem is gone. thanks.