cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
haeven
Community Participant

LTI 1.3 Integration Testing Error

I am currently testing our LTI 1.3 Tool with Canvas, and after the OIDC Third Party Login in which Canvas sends login parameters including the lti_message_hint, we redirect with a request to the authorize URL in order to request the id_token (per the LTI 1.3 OIDC flow). However, when we make this request to the authorize URL I receive the error: 

while(1);{"status":"bad_request","message":"Invalid lti_message_hint","error_report_id":170209301}

Even though we're sending back the exact lti_message_hint that we received on the OIDC TPL request (per the LTI 1.3 Spec). Any insight into why I might be getting this error would be greatly appreciated.

Labels (1)
12 Replies
pklove
Community Champion

Can you post the actual URL you are re-directing to?  Just alter any sensitive data.

haeven
Community Participant

So I was able to resolve the other issue, but I'm now getting a server error when I send the request to Canvas for an id_token after the OIDC TPL. Here is the request url and error:

.../api/lti/authorize?scope=openid&response_type=id_token&response_mode=form_post&prompt=none&client_id=10000000000017&redirect_uri=http%3A%2F%2Fwww.grtstaging.com%2Findex.cfm%2Fcore%2Ftool%2Findex&state=98DDE6FA-659A-4EBB-88B7E8BAC0958F0D&nonce=85F1B78B-EBBD-4AEE-850238F5113DD4D4&login_hint=902abc79ccfb376e0f2cc148d4812037a0cf1d4c&lti_message_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6bnVsbCwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy5ncmVhdHJpdmVybGVhcm5pbmcuY29tIiwiY29udGV4dF90eXBlIjoiQ291cnNlIiwiY29udGV4dF9pZCI6MTAwMDAwMDAwMDAwMDEsImV4cCI6MTU2MTYwMzYwNX0.qHNL66CCGaGPl8zgpklKmBrS5qeSgATn91XId-0Lsxw
while(1);{"errors":[{"message":"An error occurred.","error_code":"internal_server_error"}],"error_report_id":145}

Your assistance is greatly appreciated! pklove

pklove
Community Champion

Which Canvas server are you sending the request to?

haeven
Community Participant

It is a image loaded on to one of the companies private servers, are there public accessible servers for testing pklove‌?

pklove
Community Champion

I've only done LTI 1.3 against Instructure hosted Canvas.

For those you use: https://canvas.instructure.com/api/lti/authorize_redirect 

Although https://yourserver.instructure.com/api/lti/authorize also works.

bgolson
Community Participant

 @haeven ‌ I'm getting the same "Invalid lti_message_hint error" from your original post. How did you resolve that?

Thanks for your help!

Update: I wasn't forwarding the value properly. So I've now advanced past the lti_message_hint error and on to a generic server error. This one should be fun to debug Smiley Happy 

haeven
Community Participant

This is also where we are at with our testing, we tested with a customer's dev environment and we did not receive this error so we concluded that is has something to do with our Canvas image/deployment.

jkp
Community Member

Did anybody found solution for this? I on the other hand keep getting invalid_scope error when I pass any scope or no at all. I tried with canvas scopes and with `openid` one.

william_diehl
Community Participant

Invalid Scope errors could mean you're either requesting a scope not granted to the developer key or you're using an improperly crafted scope name (the scopes are in URI format). Double check your developer key to make sure you've granted the particular permission(s) you're requesting (I assume you're requesting something like view users/roles, view assignments, modify grades, etc) or double check the format of the scope you're passing.

Here's an example of the POST parameters I'm using, requesting ALL scope permissions (with our signed JWT appended at the end)

grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&scope=https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly https://purl.imsglobal.org/spec/lti-ags/scope/lineitem https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly https://purl.imsglobal.org/spec/lti-ags/scope/score&client_assertion=" + jwt