Is LTI always using oauth version 1.0?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I was following this LTI tutorial
Introduction to LTI Apps: Canvas Dev and Friends
and at the same time was reading about canvas oauth 2.0 at
OAuth2 - Canvas LMS REST API Documentation
It seems that Canvas is doing all oauth flow in background for its already installed LTI and it is up to the LTI tool to verify timestamp and auth signature, and so on. But why am I always getting "oauth_version": "1.0"?
Shouldn't there be an option to use oauth 2.0? Is it in XML configuration? Couldn't find it.
Thanks for any advice,
Zbynek
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It might be best not to read those at the same time as they do not relate to each other.
The LTI standard uses OAuth 1 purely as a signing mechanism.
The Canvas OAuth 2 implementation is related to providing authentication for accessing the REST API.
An LTI tool might make use of the second if it is allowed to call the REST API, but this is completely unrelated to the LTI tool verifying its launch parameters.