Activity Feed
- Got a Kudo for Re: LTI OAUTH 1.0 Signature Mismatch. 08-06-2020 02:01 AM
- Got a Kudo for Re: LTI OAUTH 1.0 Signature Mismatch. 08-06-2020 02:01 AM
- Posted Re: LTI 1.3 Client ID and deployment id to differentiate LMS and institutions. on Canvas Question Forum. 05-08-2020 11:49 AM
- Posted LTI 1.3 client_id Confusion on Canvas Developers Group. 04-07-2020 12:57 PM
- Tagged LTI 1.3 client_id Confusion on Canvas Developers Group. 04-07-2020 12:57 PM
- Tagged LTI 1.3 client_id Confusion on Canvas Developers Group. 04-07-2020 12:57 PM
- Tagged LTI 1.3 client_id Confusion on Canvas Developers Group. 04-07-2020 12:57 PM
- Posted Identifying customers in LTI 1.3 on Canvas Developers Group. 03-25-2020 01:42 PM
- Tagged Identifying customers in LTI 1.3 on Canvas Developers Group. 03-25-2020 01:42 PM
- Tagged Identifying customers in LTI 1.3 on Canvas Developers Group. 03-25-2020 01:42 PM
- Posted Re: LTI 1.3 Integration Testing Error on Canvas Developers Group. 03-03-2020 10:48 AM
- Got a Kudo for LTI OAUTH 1.0 Signature Mismatch. 10-09-2019 02:39 PM
- Got a Kudo for Re: LTI OAUTH 1.0 Signature Mismatch. 10-09-2019 02:39 PM
- Got a Kudo for Re: LTI OAUTH 1.0 Signature Mismatch. 10-09-2019 02:39 PM
- Posted Re: LTI OAUTH 1.0 Signature Mismatch on Canvas Developers Group. 09-19-2018 02:38 PM
- Got a Kudo for Re: LTI OAUTH 1.0 Signature Mismatch. 09-18-2018 09:40 AM
- Posted Re: LTI OAUTH 1.0 Signature Mismatch on Canvas Developers Group. 09-11-2018 10:39 AM
- Posted LTI OAUTH 1.0 Signature Mismatch on Canvas Developers Group. 09-06-2018 07:45 AM
- Tagged LTI OAUTH 1.0 Signature Mismatch on Canvas Developers Group. 09-06-2018 07:45 AM
- Tagged LTI OAUTH 1.0 Signature Mismatch on Canvas Developers Group. 09-06-2018 07:45 AM
My Posts
| Post Details | Date Published | Views | Kudos |
|---|---|---|---|
|
My understanding of the LTI 1.3 installation process was the tool provider creates a client_id with providing the required OIDC URLs like redirect, login initiation, etc. Then the LMS admin installs ... |
04-07-2020 |
767 |
0 |
|
Identifying customers in LTI 1.3 In LTI 1.1 we assign a client/secret for each customer. That way when a client sends a launch request(key/secret included) we are able to know which customer it is, because we map the key/secret... |
03-25-2020 |
774 |
0 |
|
LTI OAUTH 1.0 Signature Mismatch Hi, I created an LTI application with .Net. I have tried different libraries to create OAuth 1.0 signature, but it never matches with the one comes from Canvas. I checked it with this tool:&n... |
09-06-2018 |
5463 |
1 |
05-08-2020
11:49 AM
Deployment Id is unique for each deployment in an LMS, so when somebody launches your tool it comes to the "redirect" endpoint in the JWT token's body with the other parameters, after the service provider verifies you.
... View more
04-07-2020
12:57 PM
My understanding of the LTI 1.3 installation process was the tool provider creates a client_id with providing the required OIDC URLs like redirect, login initiation, etc. Then the LMS admin installs it in the organization via the client_id. Some LMSs have a developer dashboard where the tool provider provides this OIDC related information. However, I am a little bit confused in Canvas, it looks like providing the OIDC URLs and getting the client_id is Admin's responsibility because there is a "Developer Keys" section under the administration. I am not sure if I missing something. Is there anyone who had the same confusion? How do you use client_id in Canvas and handle the installation?
... View more
Labels
- Labels:
-
LTI
03-25-2020
01:42 PM
In LTI 1.1 we assign a client/secret for each customer. That way when a client sends a launch request(key/secret included) we are able to know which customer it is, because we map the key/secret to the customerID on our end. For example; - Key: something / Secret: something_secret mapped to -> CustomerID: 1 -> This is customer 1. In LTI 1.3 there is no key/secret, so not sure what would be the correct attribute to track which customer send the request. There is a deploymentID, but this comes with the launch. I need to know this attribute before the launch, so I could know which customer sends the request. And clientID is global in the learning platform. Last thing in my mind is using a custom field but it doesn't feel like the right way to pass an information like consumer secret. I feel like there is a proper way to do it I am missing.
... View more
- Tags:
- lti
- lti advantage
Labels
- Labels:
-
LTI
03-03-2020
10:48 AM
@haeven @bgolson I am also getting: " {"status":"bad_request","message":"Invalid lti_message_hint","error_report_id":172232213} Can you please share what was your solution? This is how my authentication request looks like: https://canvas.instructure.com/api/lti/authorize_redirect client_id:"10000000000003", login_hint:"2f16f60997a89e831afc21ffd15bdfd6b66b273f", lti_message_hint:"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6ImY0MGUzYjUwNmIyMTljNjAwYjkxYzZiZTQ3OGZiMTI5MTMyNmU4N2Y2NjIwNTdkMGI3ZmZlMjc1NzRiMTYzNGFmZjUxNTYzMjkyODI5OTBiYTExODVhYmU3MWMzYmY2MDU0NTdhZmY0ZjgxMDQ0ZWYxY2FlNDZjMmNiOTY4ZGRjIiwiY2FudmFzX2RvbWFpbiI6IjMuMjIwLjIyMi4yIiwiY29udGV4dF90eXBlIjoiQ291cnNlIiwiY29udGV4dF9pZCI6MTAwMDAwMDAwMDAwMDEsImV4cCI6MTU4MzI1OTcxNH0.3d3y9orPbV5y29QtpPxZ6AaPNnjd60UAWNHACQv9cYc", nonce:"7417f2eb-d68b-4b00-9513-1b52aee9df92", prompt:"none", redirect_uri:"https://localhost:8000/redirect", response_mode:"form_post", response_type:"id_token", scope:"openid", state:"81b46989-0606-49e0-842e-b9c4060177dd"
... View more
09-19-2018
02:38 PM
1 Kudo
Hi Jonathan, For me, the problem was creating the signature base To create the Signature Base: 1- Get all of the parameters except "oauth signature" sent by Canvas with POST from the launch. 2- I made a loop for each parameter, and encode only Key and Values, they look like this: encodedKey=EncodedValue. I don't know which language you are using but, in c# it looks similar to this: $"&{Uri.EscapeDataString(key)}={Uri.EscapeDataString(value)} 3- Sort them alphabetically with the Key names(&Key=Value) 4- Create a string from this list, and Encode this string one more time(the whole string). 5- Add the string you created to "POST&{Your Launch Url}&{The string you just created}" After these, you will just create the signature with using this signature base which is the standard way. I hope this will help.
... View more
09-11-2018
10:39 AM
2 Kudos
Hi Peter, Thanks for the response. I just figured out the problem. There was a couple of things I was missing; the first thing; I didn't know that I should use all of the parameters(except oauth_signature) sent to the launch url to create the signature base. And the second thing was just an encoding issue.
... View more
09-06-2018
07:45 AM
1 Kudo
Hi, I created an LTI application with .Net. I have tried different libraries to create OAuth 1.0 signature, but it never matches with the one comes from Canvas. I checked it with this tool: http://lti.tools/oauth/ and it matches with the OAuth signature I generated, however not with the "signature" parameter comes from Canvas. URL: https://localhost:44397/default.aspx Consumer Key: orhun-123 Shared Secret: orhun-123 Nonce: nYrB8fqYrLsKd4Q1QharrvjBYb9zj03unlAU7urXg Timestamp: 1536243035 Generated signature: Iyxdh5swIDAro/K7WbUWAjhOUI0= Signature comes from Canvas: z2tzUWURgkf6m56L7wrUyqe50wE= Currently, I am using this code to generate the OAuth signature: OAuth-Signature-Validation-Tool/OAuthBase.cs at master · mashery/OAuth-Signature-Validation-Tool · GitHub Thank you,
... View more
