Community help

nemehta · ‎08-30-2019

We are investigating LTI 1.3 standard and have found that for the auth request the tool is expected to save the Issuer=>Client_Id mapping provided during the app registration process. Since the 'iss' claim for launches through Canvas have common "canvas.instructure.com". Is it safe to assume the clientId is going to be unique across all tenants (in other words is client_id suppose to be globally unique) of canvas ? Or is the client_id just unique for the particular tenant ?

nemehta · ‎01-31-2020

I was able to get an answer offline. ClientId is unique globally. Putting it here for future reference to anyone else. Let me know if there is a misunderstanding.

View solution in original post

Robbie_Grant · ‎01-30-2020

@nemehta ,

First, I want to apologize for your question sitting in the community for so long without a response.

Second, it looks like you have stumped the Canvas Community. Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment.

Robbie

nemehta · ‎01-31-2020

I was able to get an answer offline. ClientId is unique globally. Putting it here for future reference to anyone else. Let me know if there is a misunderstanding.

DavidEisner · ‎10-03-2023

I'm wondering if this is necessarily true. It is probably true for Instructure-hosted tenants, but I've noticed that when I spin-up a self-hosted Canvas instance (from the open-source GitHub project) and generate a developer key, the first client_id is always 10000000000001. And the 'iss' claim in the token is "https://canvas.instructure.com".

I'm not sure if this definitively answers the question, but the LTI 1.3 spec states: "A resource server, e.g., platform instance, is uniquely identified by its issuer, client_id, and deployment_id ..." So I think it's probably safe to treat this triplet as globally unique. Canvas, at least, uses uuids for course ids, and as these are part of the deployment_id there should be no collision.

cawight · ‎10-04-2023

The client_id value will always uniquely identify a particular LTIA provider within a platform or iss. However, while Canvas and D2L/Brightspace create a different client_id for two different accounts (deployments) that identify a single provider (client), other platforms do not follow this model. Blackboard and Schoology each assign a unique client_id that is shared by different deployments. With these latter platforms, therefore, a provider cannot distinguish between deployments based solely on the iss and client_id. It is necessary to have the deployment_id as well. Fortunately, this is sent with the auth token request prior to each launch, even though the LTIA specifications do not strictly require it.

Is client_id claim globally unique ?

Donot have valid data to test certain APIs

Getting Canvas LTI Data

Is it posible to get the self_enrollment_code trou...

Display LTI content in pages from Editor LTI Place...

Media Plugin for Canvas LMS

UI for weekly progression idea

Is the ‘Enable self assessment’ field available in...

Canvas Rubrics API Criteria

api/v1/courses/sis_course_id:{id#}/sections - Not ...

add `desc` or `asc` to a few api calls that are al...

You're signed out

Is client_id claim globally unique ?

Community help

View our top guides and resources: