Community Help

tatiana_peisl · ‎07-29-2015

We, at cehe.instructure (IU), trying to implement USU-tools, also known as Kennethware2.0 and came across an error that points at line 45 in TrivialOAuthDataStore.php. Also, to note we do have all HTTPS and no need to use http and associated to it encryption and etc.. Any advice is greatly appreciated as well as any source-code updates.

Here is copy of ERR:

Strict Standards: Declaration of TrivialOAuthDataStore::new_request_token() should be
compatible with OAuthDataStore::new_request_token($consumer, $callback = NULL)
in/home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/resources/TrivialOAuthDataStore.php on line 45

------------------------------------------------------------------------------------------------------------

T.Peisl

kenneth_larsen · ‎07-30-2015

Thanks for asking for clarification.

Lets start with a quick vocabulary clarification:

OAuth Token: A string that is generate for a specific user so that a program can make changes to Canvas using the API on behalf of that user.
Canvas Developer Key: An ID and Secret that are associated with a developer and domain that can be used to request user OAuth tokens. You can get one of these by filling out the the Canvas Developer Key Request form.

An LTI tool can be created without using a Canvas Developer Key, however an LTI tool that does not use a Canvas Developer Key cannot request user OAuth tokens from Canvas.

Here is a description of the variables:

The $client_id and $clientSecret variables are NOT user credentials, they are Canvas Developer Credentials because the Wizard requests a token for each user so that the content it creates is created as the user and with that user's permissions. See the note below about an OAuth handshake.
The $lti_secret is used to verify that a request is coming from Canvas. When you set up an LTI tool in Canvas, one of the items you have to add is a secret. The secret you use when adding the tool to Canvas must match the $lti_secret variable or the tool will not load.
The $canvasDomain and $apiToken are no longer needed (I thought I had removed them). These variables were used for some API requests that were made from the JavaScript aspect of the tools in Canvas.

OAuth Handshake

In order to obtain an OAuth token for a user, the following takes place:

The page is redirected to https://{usersinstance}.instructure.com/login/oauth2/auth to prompt the user with the option to authorize the tools. This request includes the $client_id variable (developer credential) and the url for where the requested information will be returned to (see controller.php line 57).
When the user clicks "Log in". Canvas sends a code to the url that was sent in step 1 above. In the case of this particular tool, that is oauth2response.php.
Once the program receives a code from Canvas indicating that the user agreed to grant access, that code and the developer credentials ($client_id and $clientSecret) are sent to https://{usersinstance}.instructure.com/login/oauth2/token to request an OAuth token (see oauth2response.php lines 10-14).
Canvas validates the developer credentials and the code and returns an OAuth token (see oauth2response.php line 14).
For Kennethware, that OAuth token is encrypted using the $pass and $salt strings and written to the database using the DB credentials (see oauth2response.php lines 26-37).

To address some of your other items:

Config is using OAuth.php and TrivialOAuthDataStore.php to verify credential from MySQL DB.
- False. The controller.php file checks the DB for user credentials. If there are no credentials it begins the OAuth handshake as described above.
What happened to those statically assigned variables?
- Hopefully the OAuth handshake section above answered this part.
I failed to find where those credentials are INSERT into tools DB.
- Those credentials are never inserted into the database, the are used to request the tokens that are inserted into the database.
Now, because there is nothing in DB inserted, SELECT return no rows and request is moving further to TrivialOAuthDataStore.php to ask to issue "token" and >> because we have no Canvas Developer Key we got cut short.
- This happens right off in controller.php if you do not have a Canvas Developer Key.
My impression was that is there is no Canvas Developer Key, at least the tool should work for explicitly defined users.
- False. You cannot explicitly define users for this tool. Unless of course you can generate your own OAuth token, duplicate the encryption of your OAuth token and insert it manually into the database (see oauth2response.php lines 26-37).
We need to use only a single user credentials when no Canvas Developer Key is available. Does the tool has ability by passing this situation?
- If you do not have a Canvas Developer Key, these tools will not work without rewriting the code.

Let me know if there is anything else you need clarified

View solution in original post

awilliams · ‎07-29-2015

I am going to ping @kenneth_larsen and see if he can offer some assistance on this.

kenneth_larsen · ‎07-30-2015

Hi @tatiana_peisl ,

The TrivialOAuthDataStore.php file came from IMS Global (the learning consortium that is responsible for the LTI standard) and handles the process of retrieving an OAuth token from Canvas. This is the first time I have heard of anyone encountering this error during an install. I am inclined to think that the issue lies in the config setup rather than an issue with that file.

As far as the USU Design Tools (aka Kennethware) is concerned, there are three variables in the config.php file that are used for the OAuth retrieval process:

$_SESSION['template_wizard_url'] (line 11)
- This should be the path to the wizard folder (i.e. https://mydomain.edu/tools/wizard). This is used to direct the OAuth response from Canvas (among other things).
$client_id (line 27)
- This is one of the developer credentials you receive from Canvas (see the note about credentials at the bottom of this post) and will typically be a number around 15 characters in length
$clientSecret (line 28)
- This is the second part of the developer credentials from Canvas and is typically a string of random characters around 64 characters in length

Some things you can check:

When you launch the Wizard, are you getting the authorization screen? If not, then it is going to be an issue with your credentials.
Make sure you are getting a code back from Canvas when the user authorizes the app
- Open the resources/oauth2response.php file and add the following on line 25:
```
var_dump($_GET);
echo '<hr>';
var_dump($userToken);
exit;
```
- You should get a really long string, then a horizontal line and then some post information containing an OAuth token and the name of the user. If not, then again it is most likely an issue with your credentials.

Requesting Developer Credentials from Canvas

To host and create LTI tools from Canvas you need developer credentials. You can request these credentials by completing the Canvas Developer Key Request.

NOTE: When you request developer credentials from Canvas, you have to supply the domain on which those credentials will be used. In the case of Kennethware, it is the domain where you are hosting all of the code you downloaded from Github (ie. mydomain.edu). These credentials will only work when an OAuth request comes from the server domain associated with the developer credentials.

Let me know if everything above is working but you are still getting the error message.

tatiana_peisl · ‎07-30-2015

Hi Kenneth,

Thanks for advice, I will go through the code and update

Warm Regards,

Tatiana Peisl (MISM; MS Applied Math.)

Curriculum Development Online

Center for Excellence in Higher Education

tatiana_peisl · ‎07-30-2015

Hi Kenneth,

Just want to verify if my understanding is correct about how it works.

LTI work not only with Canvas Developer Key, any user with appropriate credentials can generate "token", which is canvas key used to authenticate user.

In the CONFIG part of your tools there is static assignment of variables that hold a single user credentials: $client_id, $clientSecret, $lti_secret, $canvasDomain, and $apiToken. Also it has DB credentials and $pass and $salt for encryption.

Config is using OAuth.php and TrivialOAuthDataStore.php to verify credential from MySQL DB. What happened to those statically assigned variables?

I failed to find where those credentials are INSERT into tools DB.

Now, because there is nothing in DB inserted, SELECT return no rows and request is moving further to TrivialOAuthDataStore.php to ask to issue "token" and >> because we have no Canvas Developer Key we got cut short.

My impression was that is there is no Canvas Developer Key, at least the tool should work for explicitly defined users.

Is that correct?

We need to use only a single user credentials when no Canvas Developer Key is available.

Does the tool has ability by passing this situation ?

Thanks in advance,

Tatiana

kenneth_larsen · ‎07-30-2015

Thanks for asking for clarification.

Lets start with a quick vocabulary clarification:

OAuth Token: A string that is generate for a specific user so that a program can make changes to Canvas using the API on behalf of that user.
Canvas Developer Key: An ID and Secret that are associated with a developer and domain that can be used to request user OAuth tokens. You can get one of these by filling out the the Canvas Developer Key Request form.

An LTI tool can be created without using a Canvas Developer Key, however an LTI tool that does not use a Canvas Developer Key cannot request user OAuth tokens from Canvas.

Here is a description of the variables:

The $client_id and $clientSecret variables are NOT user credentials, they are Canvas Developer Credentials because the Wizard requests a token for each user so that the content it creates is created as the user and with that user's permissions. See the note below about an OAuth handshake.
The $lti_secret is used to verify that a request is coming from Canvas. When you set up an LTI tool in Canvas, one of the items you have to add is a secret. The secret you use when adding the tool to Canvas must match the $lti_secret variable or the tool will not load.
The $canvasDomain and $apiToken are no longer needed (I thought I had removed them). These variables were used for some API requests that were made from the JavaScript aspect of the tools in Canvas.

OAuth Handshake

In order to obtain an OAuth token for a user, the following takes place:

The page is redirected to https://{usersinstance}.instructure.com/login/oauth2/auth to prompt the user with the option to authorize the tools. This request includes the $client_id variable (developer credential) and the url for where the requested information will be returned to (see controller.php line 57).
When the user clicks "Log in". Canvas sends a code to the url that was sent in step 1 above. In the case of this particular tool, that is oauth2response.php.
Once the program receives a code from Canvas indicating that the user agreed to grant access, that code and the developer credentials ($client_id and $clientSecret) are sent to https://{usersinstance}.instructure.com/login/oauth2/token to request an OAuth token (see oauth2response.php lines 10-14).
Canvas validates the developer credentials and the code and returns an OAuth token (see oauth2response.php line 14).
For Kennethware, that OAuth token is encrypted using the $pass and $salt strings and written to the database using the DB credentials (see oauth2response.php lines 26-37).

To address some of your other items:

Config is using OAuth.php and TrivialOAuthDataStore.php to verify credential from MySQL DB.
- False. The controller.php file checks the DB for user credentials. If there are no credentials it begins the OAuth handshake as described above.
What happened to those statically assigned variables?
- Hopefully the OAuth handshake section above answered this part.
I failed to find where those credentials are INSERT into tools DB.
- Those credentials are never inserted into the database, the are used to request the tokens that are inserted into the database.
Now, because there is nothing in DB inserted, SELECT return no rows and request is moving further to TrivialOAuthDataStore.php to ask to issue "token" and >> because we have no Canvas Developer Key we got cut short.
- This happens right off in controller.php if you do not have a Canvas Developer Key.
My impression was that is there is no Canvas Developer Key, at least the tool should work for explicitly defined users.
- False. You cannot explicitly define users for this tool. Unless of course you can generate your own OAuth token, duplicate the encryption of your OAuth token and insert it manually into the database (see oauth2response.php lines 26-37).
We need to use only a single user credentials when no Canvas Developer Key is available. Does the tool has ability by passing this situation?
- If you do not have a Canvas Developer Key, these tools will not work without rewriting the code.

Let me know if there is anything else you need clarified

tatiana_peisl · ‎08-10-2015

Hi Kenneth,

Finally we got ID and KEY from canvas. I edited that in config.php. also, I added recommended lines of code in oauth2response.php.

added to oauth2response.php in line #25 as advised

=============================

var_dump($_GET);

echo '<hr>';

var_dump($userToken);

exit;

I do get "login" window but when I click on "Login" button, it breaks with following errors:

Strict Standards: Declaration of
TrivialOAuthDataStore::new_request_token() should be compatible with
OAuthDataStore::new_request_token($consumer, $callback = NULL) in/home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/resources/TrivialOAuthDataStore.php on
line 45

Strict Standards: Declaration of
TrivialOAuthDataStore::new_access_token() should be compatible with
OAuthDataStore::new_access_token($token, $consumer, $verifier = NULL) in/home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/resources/TrivialOAuthDataStore.php on
line 45

Notice: Undefined index: canvasURL in /home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/oauth2response.phpon
line 12

Warning:
file_get_contents(/login/oauth2/token?client_id=25330000000000002&client_secret=secret&code=4384502fbd18b394ecc32c0afa61245fe6e6c57d22fc7c4d09e32a94f3b887039787627ffc6454c29c9f8436bf082200fb61f0cd588a550d043fba4e38e18083):
failed to open stream: No such file or directory in/home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/oauth2response.php on
line 14
============================

Before adding suggested code I was getting error same as above and plus

============== the below-- was fixed with your (Kenneth) suggested code==============

Notice: Trying to get property of non-object in /home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/oauth2response.php on line 29

Notice: Undefined index: userID in /home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/oauth2response.php on line 32

Notice: Undefined index: apiDomain in /home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/oauth2response.php on line 36

having canvas_user_id and domain noted as NULL in

QUERY: INSERT INTO `tokens` )

ERROR: Column 'canvas_user_id' cannot be null

=========================================

Any advice is deeply appreciated.

Thanks in advance.

kenneth_larsen · ‎08-17-2015

Is the server you are making the call from secure (https)?

I would also recommend replacing any ID's or other such codes in your posts in the forum with ### or something similar.

tatiana_peisl · ‎07-30-2015

Thanks Kenneth,

That clarifies a lot

Tatiana

Kennethware 2.0 test deployment - error

Current graded by

Item limit on "Add to Module" dialog box and solut...

How to enable Upload/Recording Media option to tak...

outh2 flow token generation

Acceder a la

Current graded by

If I have a Course ID, Quiz ID and a Question ID c...

How can I access previous year data using canvas L...

For new LTI tool - XML or JSON? Which is preferred...

Item limit on "Add to Module" dialog box and solut...

You're signed out

Kennethware 2.0 test deployment - error

Community Help

View our top guides and resources: