I'm starting the process of converting some Java-based LTI tools (Java is used for LTI validations, and also for proxying the Canvas API, although not on the client side) to the LTI 1.3 standard. If you are using Java in your development, what LTI 1.3 libraries are you currently using, or would you recommend? In addition, if you could point to examples of use of such libraries which do not require a Spring Boot application, that would be very helpful. I haven't seen much publicly available (I am aware of the libraries created at the UOC, although I found no examples of use for a regular web app -only one example is public, and is for a Spring Boot application-). Thanks!
We built a LTI 1.3 implementation for Spring Boot that builds on the Spring Security OAuth2 libraries:
there's a demo project that uses that library here:
It's worked reasonably well for us and we've used it for all our more recent LTI tools.
I apologize if this is a repeat (I'm pretty sure I posted a reply earlier but somehow it did not get recorded!). Thanks Matthew for your reply (BTW, I enjoyed watching your LTI presentation at CanvasCon Online). Since my apps do not use Spring though, I was hoping somebody would have either done something for this type of (plain) Java app, or at least show an example of how their libraries can be used from such application (which is why I specifically asked for a non-Spring Boot type application example, although I appreciate your response in any case!). Could any of the libraries you've worked on be used without Spring?
Sorry when reading your message I complete missed the "not". I can't take credit for a CanvasCon presentation, I think it must be a different Matthew.
The Spring Security OAuth2 code (which the LTI 1.3 code uses), builds on the libraries from Connected2ID (https://connect2id.com/products/nimbus-jose-jwt), however writing a full LTI 1.3 implementation is a reasonable piece of work as LTI 1.3 is more complex than LTI 1.1
Thanks again for replying. And sorry for having confused you with a presenter at Canvas Con!. Yes, I agree that it's likely considerable work to start from scratch building an LTI 1.3 java app - although I'm pretty familiar with Java itself and have built many such non-Spring apps, but they were all using basic (open source) LTI libraries , so I'm going to have to decide whether to do all that work myself, or look for some other alternative which would also requite quite a bit of work too (e.g. converting my apps to use Spring Boot so I could use your libraries -or those from UOC-, etc.). Unless somebody else comes up with what I need before I start building it myself, of course, which would be the ideal :-). Thanks again for your input!
Hi Everyone! I just thought I'd say hello on this thread because I, too, am a java developer with existing tools (on LTI 1.1) and am seeking to update to LTI 1.3. (Our institution is in the process of moving to Canvas, and I'm updating my tools at the same time.).
As a first step, just to help with my learning, I used the IMS Global's LTI 1.3 Reference Implementation to create a "dummy platform" and "dummy tool" and got them talking to each other successfully. (confession, that took me the better part of a day because I had to slow down and get acquainted with all the configuration options!). I also highly recommend this video. I watched it twice!! https://www.youtube.com/watch?v=qHStELNsYyI
As a second step, I'm very grateful for the library above. Thank you Matt! I downloaded it from github and got it running. I don't usually use Spring Boot either, but, the whole LTI 1.3 process is more complicated than my whole LTI app, so, it's easier for me to rewrite my app from scratch based on a working LTI template than it is for me to start over with LTI in my existing app's structure.
So, building off my experience above, my goal is to get the "dummy platform" talking instead to the spring-security-lti-demo. I don't quite have it working because the IMS reference implementation is giving me an unhelpful Rails error. So, I'm watching lots of nerdy technical talks to teach me about Oauth2 and I'm combing through the http parameters at each step of the launch flow.
For me, it's failing on the authorization request step, where it's trying to go back to OIDC Auth URL (https://lti-ri.imsglobal.org/platforms/xxxx/authorizations/new). It's an HTTP 500 Internal Server Error on the IMS Reference implementation side (the "dummy platform"). I'm quadruple checking the public and private keys, etc, but have not yet figured it out.
Anyway, if there's community here of others in a similar situation, I'd be very happy to share experiences. Even if we get stuck at different steps, it helps to learn the stuff overall with others!
Thanks for your post @iosparkletree1 ! Sure, it'd be nice to share experiences as we pursue our respective LTI 1.3 conversions! My disadvantage with respect to IMS resources is that I only have access to their public docs (and, I believe, there's public access to their reference implementation but not to all of their tools, for example, which is unfortunate). I might start with a real platform instead of coming up with a 'dummy' one (since I could test a tool against the Canvas platform; which could be quicker ). In any case, I'll take a look at what IMS offers just in case. BTW, thanks for pointing out to the You Tube webinars from the IMS. I had not watched that one yet, and I also found it pretty useful, as you commented.
It's great to have a place to reach out and be not alone!
I, too, only have access to the IMS public docs.
I am quite stuck in my attempts to connect the IMS LTI 1.3 Reference Implementation "dummy platform" with spring-security-lti-demo. So, I next tried to connect to different java library, Unicon's: https://github.com/Unicon/tool13demo. Even though I got this up and running too, unfortunately I'm again sstuck with a Rails error on the reference implementation site at the authorization request step.
I didn't even try connecting to either of these tools with Canvas, because I thought I should build up everything from the reference implementation first. But, I'm so stuck I'll try anything!
A disadvantage that I have is that I'm a developer, not an admin, so I don't have permission to adjust any of our institution's developer keys. I have to submit tickets to a colleague to set it up for me, which makes it difficult to explore with trial and error. But, on the plus side, we learn together!
Best wishes with your configuration. Here's hoping that one day soon, we'll both be working on our actual tools, once we get past the barrier that is LTI 1.3's complexity.
Cool thanks svickers2, good to know!
Here's the latest from me. As I mentioned, I tried a couple examples (spring-security-lti-demo and tool13demo) but couldn't get either to work against the IMS Reference Implementation (lti-ri). I am really perplexed because they should work. I even emailed the IMS Global info address to ask if you have to be a paying member to be able to use the lti-ri. They responded that I should be able to use it for Deep Linking, Assignment and Grades and Names & Roles.
As a stab in the dark, I decided to try getting them to run against our Canvas instead of the lti-ri.
To do that, I had to deploy to our test server, because the Canvas test server wouldn't be able to communicate with my development machine, which is on a hidden part of our network. So, I tried to deploy spring-security-lti-demo to a test server but discovered that Spring boot 2 requires Tomcat 8. Unfortunately, my institution has not yet upgraded and are still on Tomcat 7. So, I can't use spring-security-lti-demo. Tomorrow, I'll try tool13demo.
It is tempting to try the testing platform offered by svickers2 instead of the lti-ri, but I'm not familiar enough to know how to fill in all the options correctly!
It still nags me that I couldn't get the applications from github running against the lti-ri because those should work right out of the box.