Community Help

z_dusatko · ‎03-19-2018

Hello,
I was following this LTI tutorial
Introduction to LTI Apps: Canvas Dev and Friends
and at the same time was reading about canvas oauth 2.0 at
OAuth2 - Canvas LMS REST API Documentation

It seems that Canvas is doing all oauth flow in background for its already installed LTI and it is up to the LTI tool to verify timestamp and auth signature, and so on. But why am I always getting "oauth_version": "1.0"?
Shouldn't there be an option to use oauth 2.0? Is it in XML configuration? Couldn't find it.
Thanks for any advice,
Zbynek

pklove · ‎03-19-2018

It might be best not to read those at the same time as they do not relate to each other.

The LTI standard uses OAuth 1 purely as a signing mechanism.

The Canvas OAuth 2 implementation is related to providing authentication for accessing the REST API.

An LTI tool might make use of the second if it is allowed to call the REST API, but this is completely unrelated to the LTI tool verifying its launch parameters.

View solution in original post

pklove · ‎03-19-2018

It might be best not to read those at the same time as they do not relate to each other.

The LTI standard uses OAuth 1 purely as a signing mechanism.

The Canvas OAuth 2 implementation is related to providing authentication for accessing the REST API.

An LTI tool might make use of the second if it is allowed to call the REST API, but this is completely unrelated to the LTI tool verifying its launch parameters.

z_dusatko · ‎03-20-2018

Hi Peter,

thanks for your reply. I am a beginner, would you have some advice on best practices for building LTI? We would like to have our LTI access some Canvas resources (assignments), combine them with our data and store on our side permanently. We would also like to change LTI user interface depending on the role (student, instructor). We have admin access token to access Canvas API but I would prefer to do OAuth 2 for the current user and get access token this way.

Thanks,

Z.

pklove · ‎03-20-2018

Sorry, don't have any advice on best practices.

But if you want to see what Canvas passes on an LTI launch we have a test tool at https://lti.netkno.nz/tp You can use the consumer key / secret combination: myschool.edu / letmein

And we have an example of going through the OAuth2 process at https://canexa.netkno.nz/

z_dusatko · ‎03-20-2018

That's great, thanks a lot!

Is LTI always using oauth version 1.0?

LTI

Possible to get API LearningObjectDates data with ...

Completely hiding Syllabus link

anonymous_id missing in Course-Assignment Submissi...

Exporting Roll Call Attendance Data from Canvas to...

LTI 1.3 AGS Deleting a Line Item

Possible to get API LearningObjectDates data with ...

Completely hiding Syllabus link

anonymous_id missing in Course-Assignment Submissi...

Use API to find and replace an enabled LTI?

GraphQL Cache Response Post Update

You're signed out

Is LTI always using oauth version 1.0?

Community Help

View our top guides and resources: