Issuer Identifier(iss) issues, finding iss and uniqueness of iss

zia_rehman
Community Novice
‎07-06-2020 08:06 AM

Background:

We are building a LTI 1.3 app, for that we are using TSUGI(GitHub - tsugiproject/tsugi: Tsugi Admin, Developer, and Management Console (pls join the dev list) ) to handle the LTI flows and we are building a "mod" in this system which will do its stuff over the authentication done by tsugi base. (understanding tsugi should not be needed to udnerstand the problem).

Questions:

  1. How an end user(who is admin, lets say) can find out what is the issuer identifier(iss) configured for his instance of canvas? Is there somewhere in the UI or something which can tell us this?
    (This is because we need issuer identifier in LTI keys processing, and if admin dont know what is iss value, he cant tell us, right?)
  2. From the canvas docs it says: "As the issuer, Instructure-hosted Canvas intances all use the following, regardless of the specific account domain(s) that the tool was launched from https://canvas.instructure.com (Production environment launches)"
    Why issuer identifier is not unique for each domain of canvas? Is there a reason to keep it same for all canvas hosted instances.
  3. Finally, main issue which we are facing with tsugi, is that in tsugi, we have option to add issuer(doc here), it takes bunch of inputs, our concern is with issuer, as I have been playing around with this, tsugi expects unique issuer for each entry.
    This is a problem of the point 2 above, which effectively mean no matter what domain/account of the canvas we are trying to add it checks uniqueness of issuer, which is going to be same for most of the users.
    I know this specific point is most probably an issue with tsugi, that they have uniqueness check on issuer id, but i am posting here to confirm.

So addressing question 1 and 2 should suffice here, as I am looking into question 3 from tsugi perspective, trying to get in touch with them as well, but a confirmation of if the behavior(of keeping issuer id unique) is a logical bug in tsugi or not would be helpful.

If anything is not clear or any details are needed, please let me know and i will update my question.

1 person also had this question
Users who also had this question