Canvas .well-known/openid-configuration endpoint for LTI Tools
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I understand the LTI 1.3 specs correctly, it sits on top of the OpenId Connect specs. According to the specs in section 4, Final: OpenID Connect Discovery 1.0 incorporating errata set 1 , there should be a .well-known/openid-configuration endpoint. I do not see that Canvas provides this endpoint. Are there plans to add it?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@chase_willden my understanding is that LTI 1.3 extends the OpenID Connect Core in a way which doesn't require that particular discovery endpoint. Third-party login initiation is the key piece of OIDC Core utilized. For more on how LTI 1.3 builds on that part of OIDC, consult this part of the IMS Security Framework 1.0 public document.
And, assuming I'm not mixing up meanings of discovery here, the Canvas platform's implementation of LTI 1.3 provides an authorization endpoint which redirects from a consistent URL, helping to ensure an authorized issuer regardless of the Canvas instance where the tool launch is happening. See step 2 here: