Community help

edwin_laarakker · ‎04-17-2020

What I'm trying to figure out is the following:

I have an LTI that can be accessed from the course menu, in the LTI launch event we get the usual parameters and we can verify the signature etc. in the launch event. Witihin the launch event, after some LTI checks such as oauth_signature, I use the command:

await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity));

This results in that the user has signed in with some additional claims that I added to the claimsIdentity parameter in my application( such as User.Identity..)

The next thing that I want to achieve is to run API actions as the logged in user, for that I need a token for the user, which I can retrieve with OAuth. I did implement the solution described in Implementing OAuth in an ASP.NET Core 2.2 MVC web app

But in this blog post a challenge action is performed in the accountcontroller / login method. If I perform a challenge to retrieve tokens, the application overrides the logged in User with the claims retrieved from the OAuth event. This results in that additional claims are lost.

So the question is: How to handle such case?

bclauss · ‎06-29-2020

@Alexandre_Sch ,

I'm following along with Garth Egbert's Blog series that ends with .NET - OAuth2 Workflow: Part 3 - Refresh Token and I'm running into an issue where he's using the (seemingly deprecated) HttpRequestBase class from System.Web.

I've added the newer LtiLibrary.AspNetCore from Andy Miller, but I'm not sure how to get the HttpRequest information needed to complete the GenerateSignature to verify the OAuth request or to get the list of parameters (NameValueCollection) that the old HttpRequestBase.Forms used to provide.

Can you provide some direction on this?

Thank you,

Bryan Clauss

View solution in original post

Alexandre_Sch · ‎06-02-2020

Hi Edwinn,

You can remove the code from the startup and build it again inside a controller.

You will need:

Send a get:

https://famonline.test.instructure.com/login/oauth2/auth?client_id=ur_client_id_canvas_app&response_...

On your redirect, u can create a function to receive the code FunctionName(string code)

Getting the code, u will send a post:

var response = await client.PostAsync("https://xxxxx.test.instructure.com/login/oauth2/token?grant_type=authorization_code&client_id=xxxxx&client_secret=xxxxx&redirect_uri=https://localhost:xxxx/Home/GetCode&code=" + _code, null);

With the response, you will get your access_token, the refresh_token and a few other variables

If you dont want the user to create a new token every time, you will need to implement the lti flow and get the oauth variable that canvas send when you click on the app menu (check this: .NET LTI Project - Part 2 - Launch Request )

with that, you will get the user_id from canvas that are starting your app, u can check if that id has a access_token/refresh_token stored on ur Bd, and with that, authorize the user or not.

After that, ur able to run any api call using the access_token that is stored (if the app have all the scoped u want)

Hope it helps!

bclauss · ‎06-29-2020

@Alexandre_Sch ,

I'm following along with Garth Egbert's Blog series that ends with .NET - OAuth2 Workflow: Part 3 - Refresh Token and I'm running into an issue where he's using the (seemingly deprecated) HttpRequestBase class from System.Web.

I've added the newer LtiLibrary.AspNetCore from Andy Miller, but I'm not sure how to get the HttpRequest information needed to complete the GenerateSignature to verify the OAuth request or to get the list of parameters (NameValueCollection) that the old HttpRequestBase.Forms used to provide.

Can you provide some direction on this?

Thank you,

Bryan Clauss

Alexandre_Sch · ‎06-29-2020

Hi Bryan,

You can use the ltilibrary.core.oauth (still works in netcore 3.1 projects)

Regards,

Alexandre S.

bclauss · ‎06-29-2020

Alexandre,

What is the ReqForm() call? I'm assuming it provides a NameValueCollection. Would you be able to share the code for that?

-Bryan

ASP.Net Core 3.1 LTI Development and OAUTH tokens

LTI

Is it posible to get the self_enrollment_code trou...

Display LTI content in pages from Editor LTI Place...

Media Plugin for Canvas LMS

Is there a way to customize the format and structu...

Search API - return Courses with include[] data ?

UI for weekly progression idea

Is the ‘Enable self assessment’ field available in...

Canvas Rubrics API Criteria

api/v1/courses/sis_course_id:{id#}/sections - Not ...

add `desc` or `asc` to a few api calls that are al...

You're signed out

ASP.Net Core 3.1 LTI Development and OAUTH tokens

Community help

View our top guides and resources: