This document introduces the LTI 1.3 and LTI Advantage feature option as noted in the Canvas Release Notes (2019-06-22).
For additional feature updates, please refer to the LTI Developer Token release notes entries.
Third-party platform providers can create external tools using IMS Global LTI 1.3 and LTI Advantage. When supported by a tool provider, this framework allows admins to manage all LTI tool configuration data directly in the Developer Keys page. The LTI can then be added to an account or course External Apps page via an associated client ID.
This change allows external tool providers to provide improved integration standards and security between Canvas and their tool data. Additionally, Canvas admins can manage LTI tool configurations and developer keys without instructors requiring their own API key from the tool provider.
The LTI 1.3 and LTI Advantage framework involves the LTI 1.3 and LTI Advantage account-level feature option, which can be enabled for an entire account. Canvas admins can enable this feature in Account Settings.
This feature option should only be enabled to configure tools that include LTI Advantage services. Specific questions about a provider’s integration or potential integration with the LTI 1.3 and LTI Advantage framework should be sent directly to the tool provider.
Users who want to manage Developer Keys must have the Developer Keys - manage permission. Additionally, users who want to add an LTI Advantage tool to a course must have the LTI - add / edit / delete permission.
No additional permissions are required to be enabled with this feature.
This feature involves the Developer Keys API and External Tools API, which can be used to manage developer keys and external tools, respectively, by users who have the appropriate permissions.
Unlike the current process for adding an external tool, the LTI 1.3 and LTI Advantage platform requires a tool to be initially configured in the Developer Keys page, followed by being added to an account or course.
When this feature option is enabled, the Add Developer Key button includes two options: Add API Key and Add LTI Key. Selecting the Add LTI Key option displays a page for creating an LTI Key.
All data is provided by the external tool provider. Depending on the configuration method, data can be entered manually, via JSON, or via URL. The selected method displays the required configuration fields.
For all configuration methods, entries can be made for the key name, owner email, redirect URIs, and notes. The redirect URI data should also be provided by the tool provider.
After the data in the page is saved, the configuration page requires verification, which allows changes to the state of provided services, Canvas placement, and other options.
The Developer Keys page indicates LTI Keys by the external tool icon. All LTI Keys automatically generate a Client ID, which displays in the Details column. The state of the LTI Key indicates if the Client ID for the associated tool can be added to an account or course.
LTI Keys can be edited at any time. Any changes to the key may take time to apply, as changes apply to all tools associated with the key throughout the account.
For tools that are turned on, users can add the tool to an account or course if they are given the tool’s client ID. Roles outside of the admin role do not have access to the client ID, which means it must manually be shared with anyone who has permission to manually install external tools.
LTI Keys that are off cannot be added and displayed in an account or course. If a key is turned off and has already been added in an account or course, the account or course where the LTI has been added no longer displays the tool. If re-enabled at a later date, the tool will be reactivated in the account or course.
If an LTI Key is to be deleted, the tool displays a warning—this action will delete all tools associated with the developer key. Once a key is deleted, it cannot be restored. Should an admin want to re-create the LTI Key for a tool, the tool must be re-added to all previous locations where it was installed. Admins could consider disabling the key instead of deleting the key until they are certain the key should be deleted.
At the account level, external tools must be installed in the External Apps page in Account Settings.
Users who have the appropriate permission to install an LTI key must also have the Client ID associated with the key. LTI Advantage apps can be added via the Client ID option. Only the Client ID is required to be added.
If the Client ID is associated with an external tool, the tool name displays in the page. The page also confirms the tool should be installed.
If the Client ID is associated with a key that has been turned off, the app will not be able to be installed and the Client ID will display as disabled.
At the course level, external tools must be installed in the External Apps page in Course Settings.
Functionality is the same as at the account-level external apps installation process.
This document outlines existing functionality included in the initial release of this feature. LTI 1.3 and LTI Advantage will continue to receive additional feature enhancements over future releases as indicated in Canvas Release Notes. Please follow the release notes for future functionality updates, which will be indicated by the developer token tag.
Community feedback for the LTI Advantage framework is welcome per Canvas Community Feedback Guidelines, which outlines general feedback, broken functionality, and feature enhancements.
For LTI Advantage, feature enhancements should include the developer token tag. Before submitting a new idea, please review all existing Developer Keys feature ideas.
email@example.com Unfortunately we have some work to do before we can handle the custom data part of the deep linking specification. For now, is it possible for you to pass that custom data to Canvas as a query parameter or path ID's in the url that you are returning to Canvas that you can pick up in the launch request later?
Will LTI1.3 in Canvas be available for Teachers to install apps from the EduAppCentre without the administrator setting up a developer LTI Key?
And if so, is there a timeline on this, as IMSGlobal seems to be pushing all LTIs are LTI1.3 compliant by the end of 2020-22.
LTI 1.3 apps require an administrator to own the development key attached to the app. So no, administrators must set up the developer key and pass on the key information to the instructor, assuming the instructor has permission to install LTIs at the course level.
After a bit of research, I can see now this has largely to do with the Oauth2.0 process required.
My concern is that the current workflow means that we will be losing the advantages of LTI Whitelisting with any application using LTI1.3, unless there is some plan to rebuild the Whitelisting tool in the future?