LTI 1.3 and content migrations support

matt31
Community Member

I am trying to get content migrations support working with an LTI 1.3 tool using the instructions here:

https://canvas.instructure.com/doc/api/file.tools_xml.html

I can specify the callback URLs in the tool json like this:

"settings": {
  "content_migration": {
    "export_start_url": "https://helloworld.example.com/api/ims_exports",
    "import_start_url": "https://helloworld.example.com/api/ims_imports"
  }
}

 

The URLs do get called on import/export, but I can't authenticate the messages coming from Canvas.

According to the docs:

For authentication a JWT will be included in the Authorization header using the Bearer scheme, it is signed using the shared secret for the tool and will include the stored consumer key in the kid field of the token's header object.

 

For an LTI 1.3 tool, there is no shared secret.  I'm actually seeing kid 'fake' and secret 'fake' in the bearer token when Canvas calls our URLs.  Is there a way to use this API with an LTI 1.3 tool and authenticate the calls made by Canvas?

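Added example (not part of the original post and not Canvas code): a sketch of the check the quoted documentation describes, where the tool reads `kid` from the JWT header, looks up its stored shared secret, and verifies the signature. It assumes HS256 signing, which the page does not state; the key store, key names, and claims are constructed for illustration. A `kid` with no stored secret, such as the 'fake' value reported above, is refused rather than verified against a guessable secret.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical key store: consumer key -> shared secret (constructed values).
SHARED_SECRETS = {"tool-consumer-key": b"constructed-shared-secret"}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_for_demo(kid, secret, claims):
    """Build a constructed HS256 token so the verifier can be exercised offline."""
    header = {"typ": "JWT", "alg": "HS256", "kid": kid}
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_authorization_header(value, secrets=SHARED_SECRETS):
    """Return the claims of a valid 'Bearer <jwt>' header value, or raise ValueError."""
    parts = value.split()
    if len(parts) != 2 or parts[0].lower() != "bearer" or parts[1].count(".") != 2:
        raise ValueError("expected 'Bearer <jwt>'")
    header_b64, payload_b64, sig_b64 = parts[1].split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the receiving side; never accept whatever the header names.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    kid = header.get("kid")
    secret = secrets.get(kid) if isinstance(kid, str) else None
    if secret is None:
        # No stored secret for this kid: the caller cannot be authenticated.
        raise ValueError("unknown kid")
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))
```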