Community

 @dengpan_huang    Have you checked with the Canvas admin for your school?

Or with your Canvas CSM?

I would verify the URL through your official Canvas contacts.

Thank you very much.

I am the Canvas admin, it is a big problem.:smileylaugh:

Here is the params I am using:

$params =  array(

  'oauth_consumer_key' => $_POST['oauth_consumer_key'],

  'oauth_nonce' => $_POST['oauth_nonce'],

  'oauth_signature_method' => $_POST['oauth_signature_method'],

  'oauth_timestamp' => $_POST['oauth_timestamp'],

  'oauth_version' => $_POST['oauth_version']

  );

$oauth_signature= $this->mylib->get_signature($string,'456');

PS: 456 is the secret.

Any other params do I need?

I recommend working through the example here:  http://lti.tools/oauth/

This example gives you known data to work with, and a reproducable result.

It walks you through step by step.

You might also want to look at this project on GitHub:  GitHub - jrconlin/oauthsimple: Simple, standardized OAuth signature generator

Thank you very much for you reply so soon.

I am looking at this page.

I have got the Base String:

GET&about%3Ablank&oauth_consumer_key%3D123%26oauth_nonce%3Dt7YvBnrhT41NwybddyzyqB6UmMawyE2n7kUUIIPwkUI%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1478143991%26oauth_version%3D1.0

But I don't know how to get the string "kd94hf93k423kf44&pfkkdhi9sl3r4s00"

Go back to the beginning of the article, review the defined constants for the exercise:

"The client has previously registered with the server and obtained the client identifier dpf43f3p2l4k3l03 and client secret kd94hf93k423kf44. It has executed the OAuth workflow and obtained an access token nnch734d00sl2jdk and token secret pfkkdhi9sl3r4s00"

Hi, Mr Garth Egbert

Thank you very much, you are so kindly !

I am going to give up this way.

I think it is easier if I am using token_access to build plugins which I could create from my account.

Thank you again.

Obviously I don't know what your app is doing, but bypassing authentication and using a token only raises security concerns.

Does your app have different features for students vs. instructors?

How are you going to know who is accessing your app?

How are you going to know what role that user has?

Sent via the Samsung Galaxy S® 6 edge, an AT&T 4G LTE smartphone

Thank you very much

Hi, Seth

Thank you !

I have tried to use the LTI TP, it is not easy for the New Developers, even I have 4 yeas PHP experiences.

If there are some instructions let me know how to use it will be much better.

 @dengpan_huang ​… yeah. It's a bear. And -- truth in advertising -- when LTI 2.0 is finalized, it will be out-of-date (but I think he's working on update -- that exists within the Composer-Packagist package management ecosystem).

I basically scrutinized Steven Vickers' example Ratings app until I sorta "got" it.

Here's my horseback take:

1. You're going to want to extend the LTI_Tool_Provider class to handle all incoming requests. That takes care of both authentication and extracting parameters sent from the Tool Consumer (i.e. the LMS).
2. When you instantiate your subclass of the LTI_Tool_Provider, it's going to need an LTI_Data_Connector instance to handle database connections, so that it can store backing data for the application, including the context and user IDs that the LTI_Tool_Provider will extract from the incoming requests automagically.
3. There are a few different ways of handling different types of incoming requests (e.g. "basic-lti-request" that is, essentially, an app launch from Course or Account Navigation, or a content item (e.g. a particular module link, I think). The LTI_Tool_Provider class has built in handlers for each type of request and you will need to override them in your subclass to handle them in your own way.
4. The LTI_Tool_Provider captures a lot of data about the initial request that you can query from it later. I tend to try to stash it in a session data​ for later use.

I've decided (as I alluded earlier) that I don't really like dealing with LTI_Tool_Provider nakedly, so I have wrapped it in my own package that makes it easier for me to work with it. Here's an example (that I tend to use as my template each time I build a new LTI) of how I really deal with it. For example, that's the same structure as our Advisor Dashboard LTI (placed in Course and Account Navigation) or my See All Submissions LTI (placed in Course Navigation).

What I haven't effectively tested, but I believe does work, is the homework submission passback process. (As I understand it, when then LTI is launched by the assignment, one of the parameters it includes is a URL to which the LTI can then submit the student's work when it's ready.)

Hi, Danny

I will reread the library.

Thank you very much.

Hi, Garth

Thank you very much.

I will try to use it again.