AnsweredAssumed Answered

LTI consumer key and shared secret.

Question asked by Tim O'Connor on Mar 21, 2019
Latest reply on Mar 24, 2019 by Peter Love

I am looking at the following library for LMS integration:

GitHub - smtech/oauth2-canvaslms: This package provides Canvas LMS OAuth 2.0 support for the PHP League's OAuth 2.0 Clie… 


I am confused about where the 'consumer key' and 'shared secret' are used in the LTI tool.    The example:

use smtech\OAuth2\Client\Provider\CanvasLMS;session_start();/* anti-fat-finger constant definitions */define('CODE', 'code');define('STATE', 'state');define('STATE_LOCAL', 'oauth2-state');$provider = new CanvasLMS([    'clientId' => '160000000000127',    'clientSecret' => 'z4RUroeMI0uuRAA8h7dZy6i4QS4GkBqrWUxr9jUdgcZobpVMCEBmOGMNa2D3Ab4A',    'purpose' => 'My App Name',    'redirectUri' => 'https://' . $_SERVER['SERVER_NAME'] . '/' . $_SERVER['SCRIPT_NAME'],    'canvasInstanceUrl' => '']);/* if we don't already have an authorization code, let's get one! */if (!isset($_GET[CODE])) {    $authorizationUrl = $provider->getAuthorizationUrl();    $_SESSION[STATE_LOCAL] = $provider->getState();    header("Location: $authorizationUrl");    exit;/* check that the passed state matches the stored state to mitigate cross-site request forgery attacks */} elseif (empty($_GET[STATE]) || $_GET[STATE] !== $_SESSION[STATE_LOCAL]) {    unset($_SESSION[STATE_LOCAL]);    exit('Invalid state');} else {    /* try to get an access token (using our existing code) */    $token = $provider->getAccessToken('authorization_code', [CODE => $_GET[CODE]]);    /* do something with that token... (probably not just print to screen, but whatevs...) */    echo $token->getToken();    exit;}

Does not appear to use them.