cancel
Showing results for 
Search instead for 
Did you mean: 
yuling3086
Community Participant

not able to receive an ID token from CANVAS

Hi,

Anyone know why I not able to receive an ID Token?

{"messages":["The idToken field is required."],"error":null}
0 Kudos
4 Replies
bbennett2
Community Champion

Can you share some of your code? Are you trying to get a token with OAuth? Or are you trying to send an API key you created as a user? At what point is this error coming in?

yuling3086
Community Participant

I am trying to get an ID token with OAuth.

Below is my code,we try to get the ID token during our onPost :

 

/// <returns></returns>
[HttpPost("tool")]
[Consumes("application/x-www-form-urlencoded")]
[ProducesResponseType(typeof(NoResultResource), 201)]
[ProducesResponseType(typeof(ErrorResource), 400)]
public async Task<IActionResult> OnPostAsync(

[FromForm(Name = "id_token")] string idToken,

[FromForm(Name = "state")] string state = null)

{
_logger.LogInformation($"ID Token:{idToken} State:{state}");

 

The OAuth flow is two steps: the first step returns a unique code you post back to Canvas to receive the final token.

1. In your app, direct the user to a URL with the following structure:

https://<canvas-install-url>/login/oauth2/auth?client_id=XXX&response_type=code&state=YYY&redirect_uri=https://example.com/oauth_complete

  • Your client_id should match the Developer Key you set up in Canvas.
  • The code param is required to retrieve the unique code in the response.
  • Pass the current oauth state value for the user making the request. This is typically generated by a library handling OAuth.
  • The redirect URI is a page you control which makes the final request to Canvas for an API token.

2. On your redirect page, extract the code parameter from the URL querystring. This code is then POSTed back to Canvas for the user.

https://<canvas-install-url>/login/oauth2/token

The payload object should have:

  • grant_type: request the type you need for the request
  • client_id: your registered client ID in the Canvas Admin Developer Key section
  • client_secret: your registered client secret in the Canvas Admin Developer Key section
  • redirect_uri: this must match the URI specified in step 1.
  • code: The code received in step 1.

You can store the response from Canvas for your user to reuse the token for subsequent calls. You'll also get a refresh token which can be used to reauthorize after the initial timeout. Check to make sure you're making the second call with the correct call, etc. I also have a Python project validating with OAuth and you can see how that is structured if you would like.

yuling3086
Community Participant

We already do the setup of Canvas with our tools. Unfortunately, we could not get the id token to redirect to our tools.

But we already get all the data required to integrate Canvas with our tools(iss,logint_hint,target_link,lti_message).

We keep getting the error of "54.179.27.209” refused to connect when we are using https://canvas. Instructure.com as iss.

Can I know why it happen? Most of the website we refer tells that we need to use https://canvas. Instructure.com as our iss.

Are we having the problem with the canvas setup actually?

 

  1. a) Paste your API Key → Client ID
  2. b) https://canvas.instructure.com → Issuer
  3. c) https://clickview.instructure.com/login/oauth2/token → Access Token URL
  4. d) https:// clickview.instructure.com /api/lti/authorize_redirect → Authorize URL
  5. e) https://clickview.instructure.com/api/lti/security/jwks → JWK Set URL

 

We do folow this setup at our tools. Need some guide for this issue. Thanks.