Canvas .well-known/openid-configuration endpoint for LTI Tools

Jump to solution
chase_willden
Community Novice

If I understand the LTI 1.3 specs correctly, it sits on top of the OpenId Connect specs. According to the specs in section 4, Final: OpenID Connect Discovery 1.0 incorporating errata set 1 , there should be a .well-known/openid-configuration endpoint. I do not see that Canvas provides this endpoint. Are there plans to add it?

Labels (2)
1 Solution
RobDitto
Community Champion

 @chase_willden  my understanding is that LTI 1.3 extends the OpenID Connect Core in a way which doesn't require that particular discovery endpoint. Third-party login initiation is the key piece of OIDC Core utilized. For more on how LTI 1.3 builds on that part of OIDC, consult this part of the IMS Security Framework 1.0 public document.

And, assuming I'm not mixing up meanings of discovery here, the Canvas platform's implementation of LTI 1.3 provides an authorization endpoint which redirects from a consistent URL, helping to ensure an authorized issuer regardless of the Canvas instance where the tool launch is happening. See step 2 here:

View solution in original post

0 Likes