The Instructure Community will enter a read-only state on November 22, 2025 as we prepare to migrate to our new Community platform in early December.
Read our blog post for more info about this change.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Community
- Groups
- Developers Group
- Forum
- Using Canvas to log into an external web app based...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Found this content helpful? Log in or sign up to leave a like!
Using Canvas to log into an external web app based on course enrolled on
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-09-2023
05:33 AM
I was wondering if it's possible for users to log into an external web application but only based on if they are students who are enrolled on a particular course?
I was also wondering if it's possible to only let the course owners have additional permissions within the web application (i.e. act as 'admins').
I'm new to using the Canvas Web API so I have no idea if something like this is possible or not.
Thank you in advance! 🙂
Solved! Go to Solution.
1 Solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-09-2023
05:09 PM
Hi @ShannonClarke,
Your use case is precisely what LTI (Learning Tools Interoperability) is designed for! LTI is a standard that allows external web applications to integrate with learning management systems (LMS) like Canvas to provide seamless access for students and instructors.
With LTI, you can:
-
Authenticate Users: You can use LTI to authenticate users based on their enrollment in specific courses. When a user accesses your external web application through Canvas, the LTI launch includes information about the course and user, allowing you to verify their enrollment and grant access accordingly.
-
Differentiated Permissions: You can also use LTI to differentiate permissions. Teachers, TAs, and Designers can have additional permissions within your web application, essentially acting as admins or moderators.
-
Seamless Integration: LTI provides a seamless integration experience for both users and developers. Users can access your application without needing separate credentials, and your application can use the LTI protocol to interact with Canvas and access course and user information.
To implement LTI in your application, you'll need to:
- Handle LTI launches in your application to authenticate users and extract course/user information from the LTI launch parameters. The user's role information will be included in the launch parameters.
- Implement role-based permissions to allow teachers to have additional privileges.
- Register your application as an LTI tool in Canvas.
A few years ago, Claude Vervoort made an excellent video series on YouTube that goes over the LTI standard. There are also libraries and frameworks available for different programming languages to help you implement LTI effectively. Some popular LTI 1.3 libraries include:
If there's functionality that you need to use the Canvas API for that can't be accomplished in the LTI APIs, you can still generate an access token for the Canvas API. An example of this LTI application workflow is the UDOIT project. After successfully completing the LTI launch and OAuth process, the software uses the API token associated with the instructor, designer, or admin to scan course content on behalf of the logged-in user and generate a comprehensive accessibility report to identify and help address accessibility issues.
3 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-09-2023
05:09 PM
Hi @ShannonClarke,
Your use case is precisely what LTI (Learning Tools Interoperability) is designed for! LTI is a standard that allows external web applications to integrate with learning management systems (LMS) like Canvas to provide seamless access for students and instructors.
With LTI, you can:
-
Authenticate Users: You can use LTI to authenticate users based on their enrollment in specific courses. When a user accesses your external web application through Canvas, the LTI launch includes information about the course and user, allowing you to verify their enrollment and grant access accordingly.
-
Differentiated Permissions: You can also use LTI to differentiate permissions. Teachers, TAs, and Designers can have additional permissions within your web application, essentially acting as admins or moderators.
-
Seamless Integration: LTI provides a seamless integration experience for both users and developers. Users can access your application without needing separate credentials, and your application can use the LTI protocol to interact with Canvas and access course and user information.
To implement LTI in your application, you'll need to:
- Handle LTI launches in your application to authenticate users and extract course/user information from the LTI launch parameters. The user's role information will be included in the launch parameters.
- Implement role-based permissions to allow teachers to have additional privileges.
- Register your application as an LTI tool in Canvas.
A few years ago, Claude Vervoort made an excellent video series on YouTube that goes over the LTI standard. There are also libraries and frameworks available for different programming languages to help you implement LTI effectively. Some popular LTI 1.3 libraries include:
If there's functionality that you need to use the Canvas API for that can't be accomplished in the LTI APIs, you can still generate an access token for the Canvas API. An example of this LTI application workflow is the UDOIT project. After successfully completing the LTI launch and OAuth process, the software uses the API token associated with the instructor, designer, or admin to scan course content on behalf of the logged-in user and generate a comprehensive accessibility report to identify and help address accessibility issues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-11-2023
10:57 AM
Interesting, I'll look into this thank you very much! Before I do, do you know if it's easy to adjust the course that it will authenticate against? My understanding is that the course we want to authenticate users for will be discarded after a year and a new one will be created for the new cohort of students so we will then need to authenticate the NEW users rather than the OLD ones, if that makes sense? No worries if you don't know off the top of your head, I will dive into it and try to find out more about it 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2023
11:29 AM
Hi @ShannonClarke,
Canvas lets you integrate LTI apps in a few different ways:
- Course-level installation: LTI apps can be installed directly into courses. If you're sure that your app will only be used in one course, the app can be installed once and will follow the course to the new cohort when the course is copied. If the course is rebuilt from the ground up frequently, the tool can still be installed into the course.
- Department-level installation: LTI apps can also be installed into a subaccount, making it available to every course in that subaccount. For example, if this is a tool for chemistry students, the tool could be installed into the chemistry department's subaccount. Then, it'd be available to every chemistry course.
- Institution-level installation: Finally, you can install the app for every course in the institution using the school's root account. This will make the tool available in every courses in the school.
Regardless of how the app is deployed, Canvas will still send the same information over, including the user's information and role in the course, the course they launched the tool from, and any other information you tell Canvas to send using LTI Variable Substitution. For example, if the tool is installed in the root account and a teacher in the 2023 CHEM-101 class launches the tool, you'd get something that looks roughly like this:
{
"aud": "123450000000000008",
"azp": "123450000000000008",
"https://purl.imsglobal.org/spec/lti/claim/deployment_id": "66:1e94049cbf884ed89cace905742e7ad2",
"iss": "https://canvas.instructure.com", // Always https://canvas.instructure.com for Canvas
"sub": "d306e191-424e-40d0-afae-dfb6ea583e12", // The ID of the user who launched the tool
"https://purl.imsglobal.org/spec/lti/claim/target_link_uri": "https://course.prod.ally.ac/api/v2/auth/lti/1.3/target",
"https://purl.imsglobal.org/spec/lti/claim/context": {
"id": "2bff1825e50c4cad865bd865d7371aee",
"label": "Demo 101", // The label that shows in the upper lefthand corner of the course
"title": "DEMO-101-01 Canvas Demo Course" // The name of the course
},
"https://purl.imsglobal.org/spec/lti/claim/tool_platform": {
"guid": "8d4f6b29e6094493b9d100469139edf1:canvas-lms",
"name": "Test School",
"version": "cloud",
"product_family_code": "canvas"
},
"https://purl.imsglobal.org/spec/lti/claim/roles": [
"http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator", // User is an account administrator for the school (i.e., a Canvas admin)
"http://purl.imsglobal.org/vocab/lis/v2/institution/person#Instructor", // User teaches courses at the school
"http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor", // User is a teacher in this course
"http://purl.imsglobal.org/vocab/lis/v2/system/person#User"
],
"https://www.instructure.com/placement": "course_navigation",
"picture": "https://canvas.example.edu/images/thumbnails/11369252/6dc88f7a1de748cb85a5ef697f19eb3f",
"email": "test@example.edu",
"name": "Test User",
"given_name": "Test",
"family_name": "User",
"https://purl.imsglobal.org/spec/lti-ags/claim/endpoint": {
"scope": [
"https://purl.imsglobal.org/spec/lti-ags/scope/lineitem",
"https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly",
"https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly",
"https://purl.imsglobal.org/spec/lti-ags/scope/score"
],
"lineitems": "https://canvas.example.edu/api/lti/courses/26262/line_items" // For passing grades back to the gradebook
},
"https://purl.imsglobal.org/spec/lti/claim/lis": {
"person_sourcedid": "STUDENT_456123", // The user's SIS User ID
"course_offering_sourcedid": "COURSE_2023-DEMO-101-01" // The course's SIS Course ID
},
"https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice": {
"context_memberships_url": "https://canvas.example.edu/api/lti/courses/26262/names_and_roles", // For getting the list of users and their roles in the course
"service_versions": [
"2.0"
]
}
}I hope this helps!
Community help
To interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign inView our top guides and resources:
Find My Canvas URL Help Logging into Canvas Generate a Pairing Code Canvas Browser and Computer Requirements Change Canvas Notification Settings Submit a Peer Review AssignmentTo interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in