Community Help

sangeethaj03 · ‎11-26-2020

I am trying to implementing LTI1.3 external tool. I have added the tool's URL in canvas and calling Canvas authorization end point https://my_canvas_instance/api/lti/authorize_redirect as get method with the required parameters (login_hint, redirect_uri, client_id, state, lti_message_hint, prompt, nonce, response_type, response_mode, scope).

Once the end point is called, Canvas redirects to Tool's redirect URI with error as 'login_required' and error description as 'Must have an active user session'.

I have verified my client_id. Everything looks fine. But, this error still occurs. Can someone help me out?

sangeethaj03 · ‎02-01-2021

@matthew_buckett - The issue is resolved. A big thanks to you for spending time in resolving my issues.

In my canvas instance, dynami_settings.yml file was missing. So, I did a copy of .example file using command cp dyanmic_settings.yml.example dynamic_settings.yml. Also, I edited the dynamic_settings.yml file by changing 'development' section to 'production' section. Then, I did a restart to my canvas instance using command opt/bitnami ctlscript.sh restart.

On clearing browser cache, login_required error was resolved and I got the id_token from canvas in my redirect_uri.

Thank you very much for guiding me through my issues.

View solution in original post

sangeethaj03 · ‎12-23-2020

Any update about this issue?

matthew_buckett · ‎12-24-2020

LTI 1.3 uses the this part of the OpenID Connect specification, https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin where the Provider (Canvas) initiates the login to the Relying Parting (the tool you are writing). If you are writing a 3rd party tool and wanting users to login to it using their Canvas credentials then you are better off using OAuth 2 and the special scope: https://canvas.instructure.com/doc/api/file.oauth.html#oauth2-flow

sangeethaj03 · ‎01-20-2021

Shouldn't Canvas provide a login screen for third party initiated login? Can you please help me with the implementation of LTI1.3 with openid connect?

In Oauth2 with special scope, I am not getting payload. I would require the payload (id_token) for my application.

matthew_buckett · ‎01-20-2021

Using LTI 1.3 you have to use the Third Party Initiated Login and so in that case the user is already logged in and it wanting to access a tool so Canvas doesn't need to present a login screen. This flow is used for when the user is already in Canvas and wants to use some functionality of your LTI 1.3 tool.

If you are wanting to use Canvas as an authentication source for your application then you don't need to do LTI 1.3 and can just use a standard OAuth2 flow with a scope of `/auth/userinfo` as outlined in https://canvas.instructure.com/doc/api/file.oauth.html#oauth2-flow

In that example the user accesses your application and isn't logged in, you send them off to a Canvas instance starting the OAuth2 flow, Canvas prompts them to login (if they aren't already) and then when they return you will get the details about who the user is (but that's all).

sangeethaj03 · ‎01-20-2021

But, when the scope is /auth/userinfo, then as per canvas documentation (OAuth2 - Canvas LMS REST API Documentation), we will not be getting an access token. Can our application use canvas services without access token when scope is /auth/userinfo?

I will need user details like first name, last name. I will also need access token for accessing Canvas APIs.

sangeethaj03 · ‎01-20-2021

Using LTI1.3 with an user logged into Canvas, I am getting an error login_required. Is there a solution for this? Since, Canvas doesn't need to present a login screen. Should I present a login page from tool end? Or am I doing anything wrong?

I have to integrate my tool with multiple LMS like Canvas, Blackboard, etc. Any help please?

matthew_buckett · ‎01-20-2021

The scope /auth/userinfo allows the user to select to remember the grant so that they don't get prompted every time they login. You can then send them back to Canvas to grant you a token with permissions to perform actions (when you get the token back you probably want to store it against the authenticated user), that way you can call the API on behalf of the user.

But all this is custom integration for Canvas and doesn't follow a standard so will need to be adapted for any other LMS/VLE (if it's even possible). Sticking to LTI 1.3/Advantage means your enhancements should be applicable to multiple LMS/VLE platforms.

sangeethaj03 · ‎01-25-2021

My issue of login_Required is still not resolved. Can someone please help? As I have to integrate my tool with multiple LMS platforms including Canvas, Blackboard, Moddle.

matthew_buckett · ‎01-26-2021

LTI 1.3 is designed for tools embedded inside a LMS (so the user is already logged in), and clicks on a link within the LMS and at that point they are logged into the external tool and shown the content from the tool. If you are trying to use your tool that way could you explain in more detail the request that is failing as from your original description it sounds like you are trying to start the login flow from your external tool.

sangeethaj03 · ‎01-26-2021

I have configured developer key with the following details

OIDC Initiation Login URL - https://<<mydomainname>>/oidc/login_uri

Target Link URI - https://<<mydomainname>>/oidc/target_uri

Redirect URI - https://<<mydomainname>>/oidc/redirect_uri

Once developer key is added with privacy set to public and all the permission enabled for LTI advantage services, I get the client id and client secret.

I have added the external tools as part of Apps in one of my courses using clientID.

After the app is added, I have created an Assignment and selected the external tool added and save & publish my assignment.

Now, from the listing page, I click on the assignment and my external tool is launched. Canvas, by default, trigger the OIDC Initiation Login URL (https://<<mydomainname>>/oidc/login_uri) as included in the developer key.

Canvas sends response as iss, login_hint, lti_message_hint, client_id and canvas_region.

Now, from my tool, I trigger the canvas authorization end point as follows:

https://canvas-dev.airislabs.com/api/lti/authorize_redirect - GET method

client_id=10000000000009 (as sent in OIDC initiation login URL response)

lti_message_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6ImM1MmM5NzUwZDM3ZWRjNjhjMWEyZDk4YzAxODgwMDZhZGE3ZDhmM2I0NDJlNjIwNzllOTgxN2EyYTJmY2YyN2NlZjBlYzg2Yzg5YWQ2M2QzNTM3YjFkMWVjZWJiMDkxZWU3Njc3ZjU4NzYxZGI1OWZlMWY5Mjg1Nzc1OGJkNDE0IiwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy1kZXYuYWlyaXNsYWJzLmNvbSIsImNvbnRleHRfdHlwZSI6IkNvdXJzZSIsImNvbnRleHRfaWQiOjEwMDAwMDAwMDAwMDA1LCJleHAiOjE2MTE2NTk0NTh9.WGuiME-jgUJxykgO8fZaiwHCIXk_52rTpQJhh0Re27Q (as sent in OIDC initiation login URL response)

login_hint=30bf7735e8f161fd63a329e7fd02e905a3b3706f (as sent in OIDC initiation login URL response)

prompt=none (as specified in IMS documentation)

scope=openid (as specified in IMS documentation)

response_mode=form_post (as specified in IMS documentation)

response_type=id_token (as specified in IMS documentation)

state=d7763c4f-4fa1-4225-bbd1-3e601c55ad2b (generated by the tool using nodejs uuid package)

nonce=KcBG6xmF2Cpw2B3 (generated by the tool using nodejs nonce-generator package)

redirect_uri=https://<<mydomainname>>/oidc/redirect_uri (as specified in developer key configuration)

Response of this URL is as follows: (login_required error)

<!DOCTYPE html>

<head>

rel="stylesheet">

if (navigator.userAgent.match(/(MSIE|Trident\/)/)) location.replace('/ie-is-not-supported.html')

</script>

href="/dist/brandable_css/default/variables-8391c84da435c9cfceea2b2b3317ff66.css" />

href="/dist/brandable_css/new_styles_normal_contrast/bundles/common-de377105d3.css" />

function _earlyClick(e){

var c = e.target

while (c && c.ownerDocument) {

if (c.getAttribute('href') == '#' || c.getAttribute('data-method')) {

e.preventDefault()

(_earlyClick.clicks = _earlyClick.clicks || []).push(c)

break

}

c = c.parentNode

}

document.addEventListener('click', _earlyClick)

</script>

INST = {"environment":"production","disableCrocodocPreviews":true,"logPageViews":true,"maxVisibleEditorButtons":3,"editorButtons":[]};

ENV = {};

</script>

type="text/javascript">

//<![CDATA[

;["/dist/brandable_css/default/variables-8391c84da435c9cfceea2b2b3317ff66.js", "/dist/webpack-production/main-e-fa4ef1e452.js"].forEach(function(src) {

var s = document.createElement('script')

s.src = src

s.async = false

document.head.appendChild(s)

});

//]]>

</script>

//<![CDATA[

(window.bundles || (window.bundles = [])).push('navigation_header');

//]]>

</script>

<title>Canvas LMS</title>

</head>

<form id="authorization_redirect_form"

action="https://lti-advantage.airislabs.com/openid-test-app/session/canvas/oidc/redirect_uri" accept-charset="UTF-8"

method="post"><input name="utf8" type="hidden" value="✓" /><input type="hidden" name="authenticity_token" value="Fr/XWMDTAwt4uGP65ECaQB2um0y+kXnLzAYAUAFKVaZ7i/hrgZ9tYQ/pJoPPJM4DJMLNL+nwSqyhVTgYVnIBjQ==" />

</form>

document.getElementById('authorization_redirect_form').submit();

</script>

matthew_buckett · ‎01-26-2021

Thanks for the much clearer explanation of the problem, from my reading I can't see anything obviously wrong, it looks very similar to how our LTI 1.3 launches go.

The error message is coming from: https://github.com/instructure/canvas-lms/blob/master/app/controllers/lti/ims/authentication_control...

Are you correctly encoding the parameters in the GET request to /api/lti/authorize_redirect ?

I used Chrome network console to find the request you are talking about and did a "copy as cURL" and after editing this is an example of how our working requests look (very similar to yours). We do use the central LTI endpoints rather than the instance specific onces, but I've had it working on the instance specific ones so don't think your error is related to that.

curl 'https://canvas.instructure.com/api/lti/authorize_redirect?response_type=id_token&client_id=122010000000000038&scope=openid&state=9a7c9a316772b15e&redirect_uri=https://lti.canvas.ox.ac.uk/lti/login&login_hint=5de1538afb8f1cab07a03c891df215badaa4d7f7&lti_message_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6IjVkZDBlN2U2YThlYjYyNWYxMmQ1NDA3Y2ZlMTMzY2IyMjZiYWUyYjM1YTk3Y2E1YzZmYjNmMjFlMzNlMTJkMjlhZGY0NzJiYmM5ZDc5MGU0Y2UyNWE3Nzg1NTE0MDhjMGJhMjAxOGI5ZmEyZjBkZmNlMDQ4NmM0NzU2YjE4NWM1IiwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy5veC5hYy51ayIsImNvbnRleHRfdHlwZSI6IkFjY291bnQiLCJjb250ZXh0X2lkIjoxMjIwMTAwMDAwMDAwMDAwMDEsImV4cCI6MTYxMTY2NjQ1M30.xtzccyfzahiJt1hUFamgj8HKXEHYXNdPEWT_plP2SOA&registration_id=universityofoxford-sa&nonce=9ab33dba-f0ca-4338-ab7f-746f545863ff&prompt=none&response_mode=form_post'

It doesn't work any more (because the JWT in the lti_message_hint is expired), it will give an error of:

{"status":"bad_request","message":"Invalid lti_message_hint"}

sangeethaj03 · ‎01-26-2021

Is there anything I need to enable in my canvas instance?

When I am triggering the API https://canvas.instructure.com/api/lti/authorize_redirect, it is throwing 400 bad request

{

"status": "bad_request",

"message": "Invalid lti_message_hint"

}

lti_message_hint is valid in my canvas instance.

matthew_buckett · ‎01-27-2021

Using https://canvas.instructure.com only works if you are an Instructure customer using their hosted service.

If you are running your own instance of Canvas one gotcha I've come across is not running redis, Canvas will startup with just a database, but some functionality (OAuth2, probably LTI 1.3) doesn't work unless it can also connect to a redis instance.

sangeethaj03 · ‎01-28-2021

I have included dynamic_settings.yml in the bitnami end. Now, I am getting this error. Can you help me?

#1651 Nil is not a valid JSON source.

account: UserName LastName
category: TypeError
created at: 2021-01-28 02:31:57 -0700
user: user@example.com
request context id: f935e930-c964-450b-8b4a-f7380ea0fb6f

HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
HTTP_ACCEPT_ENCODING: gzip, deflate, br
HTTP_HOST: canvas-dev.airislabs.com
HTTP_REFERER: https://canvas-dev.airislabs.com/
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36
PATH_INFO: /api/lti/authorize
QUERY_STRING: ?client_id=10000000000009&login_hint=30bf7735e8f161fd63a329e7fd02e905a3b3706f&lti_message_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6ImE5OTE5NDU3OTI5MmUxNDk5ZDBlYzRmMjgzNWJmZjc0YTEwNGFjYjE4YTc0ZGU4NDU5NmQxMWZkZWUzMjA5YTdmOGMwYjBkYmQ1MDE1OTBmOGRhMDkxNGEwOWZiZTU2M2RmMDYxYTMyNDQyMDE4NjA2Nzc1MGMzYzI0YTU3NzJjIiwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy1kZXYuYWlyaXNsYWJzLmNvbSIsImNvbnRleHRfdHlwZSI6IkNvdXJzZSIsImNvbnRleHRfaWQiOjEwMDAwMDAwMDAwMDA1LCJleHAiOjE2MTE4MjY2MTN9.mwDaFUU5znHkFQzlpu_75k-M0fdg4B1ktm4ctgbclnY&nonce=91ItCf2sBN7032B&prompt=none&redirect_uri=https%3A%2F%2Flti-advantage.airislabs.com%2Fopenid-test-app%2Fsession%2Fcanvas%2Foidc%2Fredirect_uri&response_mode=form_post&response_type=id_token&scope=openid&state=4089f5ec-77bf-473d-bb9d-d6e809fcf8be
REMOTE_ADDR: 106.198.12.193
REQUEST_METHOD: GET
REQUEST_URI: https://canvas-dev.airislabs.com/api/lti/authorize?client_id=10000000000009&login_hint=30bf7735e8f16...
SERVER_NAME: canvas-dev.airislabs.com
SERVER_PORT: 443
SERVER_PROTOCOL: HTTP/1.1
format: application/json
hostname: bitnami-canvaslms-c902
meta_headers:
path_parameters: {:format=>"json", :controller=>"lti/ims/authentication", :action=>"authorize"}
pid: 26928
query_parameters: {"client_id"=>"10000000000009", "login_hint"=>"30bf7735e8f161fd63a329e7fd02e905a3b3706f", "lti_message_hint"=>"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6ImE5OTE5NDU3OTI5MmUxNDk5ZDBlYzRmMjgzNWJmZjc0YTEwNGFjYjE4YTc0ZGU4NDU5NmQxMWZkZWUzMjA5YTdmOGMwYjBkYmQ1MDE1OTBmOGRhMDkxNGEwOWZiZTU2M2RmMDYxYTMyNDQyMDE4NjA2Nzc1MGMzYzI0YTU3NzJjIiwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy1kZXYuYWlyaXNsYWJzLmNvbSIsImNvbnRleHRfdHlwZSI6IkNvdXJzZSIsImNvbnRleHRfaWQiOjEwMDAwMDAwMDAwMDA1LCJleHAiOjE2MTE4MjY2MTN9.mwDaFUU5znHkFQzlpu_75k-M0fdg4B1ktm4ctgbclnY", "nonce"=>"91ItCf2sBN7032B", "prompt"=>"none", "redirect_uri"=>"https://lti-advantage.airislabs.com/openid-test-app/session/canvas/oidc/redirect_uri", "response_mode"=>"form_post", "response_type"=>"id_token", "scope"=>"openid", "state"=>"4089f5ec-77bf-473d-bb9d-d6e809fcf8be"}
request_id: f935e930-c964-450b-8b4a-f7380ea0fb6f
request_parameters: {}
response_code: 500
session_id: 750d8665066aa06ac91022d03955c2df
type:

        Nil is not a valid JSON source.

        /opt/bitnami/apps/canvaslms/htdocs/app/controllers/lti/ims/authentication_controller.rb:110:in `parse'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/lti/ims/authentication_controller.rb:110:in `cached_launch_with_nonce'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/lti/ims/authentication_controller.rb:121:in `id_token'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/lti/ims/authentication_controller.rb:56:in `authorize'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/abstract_controller/base.rb:194:in `process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/rendering.rb:30:in `process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/abstract_controller/callbacks.rb:42:in `block in process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:109:in `block in run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/application_controller.rb:562:in `compute_http_cost'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/application_controller.rb:579:in `report_to_datadog'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/inst_statsd-2.1.6/lib/inst_statsd/statsd.rb:95:in `batch'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/application_controller.rb:557:in `batch_statsd'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/lib/temp_cache.rb:28:in `enable'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/application_controller.rb:553:in `enable_request_cache'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/app/controllers/application_controller.rb:547:in `set_locale'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:118:in `block in run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:136:in `run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/abstract_controller/callbacks.rb:41:in `process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/rescue.rb:22:in `process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/notifications.rb:168:in `block in instrument'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/notifications.rb:168:in `instrument'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activerecord-5.2.4.3/lib/active_record/railties/controller_runtime.rb:24:in `process_action'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/abstract_controller/base.rb:134:in `process'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionview-5.2.4.3/lib/action_view/rendering.rb:32:in `process'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal.rb:191:in `dispatch'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_controller/metal.rb:252:in `dispatch'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/routing/route_set.rb:34:in `serve'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/journey/router.rb:52:in `block in serve'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/journey/router.rb:35:in `each'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/journey/router.rb:35:in `serve'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/routing/route_set.rb:840:in `call'
/opt/bitnami/apps/canvaslms/htdocs/gems/plugins/respondus_soap_endpoint/lib/respondus_soap_endpoint/middleware.rb:78:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/deflater.rb:44:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/chunked.rb:98:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/etag.rb:27:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/conditional_get.rb:27:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
/opt/bitnami/apps/canvaslms/htdocs/app/middleware/request_throttle.rb:64:in `block in call'
/opt/bitnami/apps/canvaslms/htdocs/app/middleware/request_throttle.rb:332:in `reserve_capacity'
/opt/bitnami/apps/canvaslms/htdocs/app/middleware/request_throttle.rb:59:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
/opt/bitnami/apps/canvaslms/htdocs/app/middleware/request_context_session.rb:25:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:266:in `context'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:260:in `call'
/opt/bitnami/apps/canvaslms/htdocs/app/middleware/load_account.rb:29:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/cookies.rb:670:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/callbacks.rb:98:in `run_callbacks'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/rack/logger.rb:38:in `call_app'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/rack/logger.rb:28:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/request_store-1.5.0/lib/request_store/middleware.rb:19:in `call'
/opt/bitnami/apps/canvaslms/htdocs/app/middleware/request_context_generator.rb:49:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/method_override.rb:24:in `call'
/opt/bitnami/apps/canvaslms/htdocs/app/middleware/prevent_non_multipart_parse.rb:33:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/runtime.rb:22:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.4.3/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.4.3/lib/action_dispatch/middleware/executor.rb:14:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/rack-2.2.3/lib/rack/sendfile.rb:110:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/engine.rb:524:in `call'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/railtie.rb:190:in `public_send'
/opt/bitnami/apps/canvaslms/htdocs/vendor/bundle/ruby/2.5.0/gems/railties-5.2.4.3/lib/rails/railtie.rb:190:in `method_missing'
/opt/bitnami/ruby/lib/ruby/gems/2.5.0/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/rack/thread_handler_extension.rb:107:in `process_request'
/opt/bitnami/ruby/lib/ruby/gems/2.5.0/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:149:in `accept_and_process_next_request'
/opt/bitnami/ruby/lib/ruby/gems/2.5.0/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:110:in `main_loop'
/opt/bitnami/ruby/lib/ruby/gems/2.5.0/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/request_handler.rb:415:in `block (3 levels) in start_threads'
/opt/bitnami/ruby/lib/ruby/gems/2.5.0/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'

matthew_buckett · ‎01-28-2021

My guess is that you don't have redis correctly configured, or you are retrying the same launch repeatedly and Canvas can't find the LTI launch in the cache (redis).

Looking at the code I think it's failing around https://github.com/instructure/canvas-lms/blame/master/app/controllers/lti/ims/authentication_contro... but you're running an older version of Canvas before https://github.com/instructure/canvas-lms/commit/31335da31f46495f748079baf7533220c60fbcf5 where is didn't display a nice error, but instead generated the 500(?) error you are seeing.

sangeethaj03 · ‎02-01-2021

@matthew_buckett - The issue is resolved. A big thanks to you for spending time in resolving my issues.

In my canvas instance, dynami_settings.yml file was missing. So, I did a copy of .example file using command cp dyanmic_settings.yml.example dynamic_settings.yml. Also, I edited the dynamic_settings.yml file by changing 'development' section to 'production' section. Then, I did a restart to my canvas instance using command opt/bitnami ctlscript.sh restart.

On clearing browser cache, login_required error was resolved and I got the id_token from canvas in my redirect_uri.

Thank you very much for guiding me through my issues.

YStudent · ‎06-23-2023

I did the exact same thing but can't solve it.

Platform/Issuer ID:.
Client ID:.
Deployment ID:
Authentication request URL:
Access Token service URL:
Public Keyset URL:

All of the above is perfect. However, my saLTIre says "Verification (strict mode): Failed (login_required: Must have an active user session)".

Is there any solution other than writing dynamic_settings.yml ?. Is there any other solution than writing dynamic_settings.yml?

LTI 1.3/Advantage login_required issue

#1651 Nil is not a valid JSON source.

How to get users LTI v1.3 ID outside of the SSO pa...

Automate admin report 'Grade Export'

ícones de paginas e módulos no Canvas

Integrating Proctor tool on canvas

Canvas mobile app on self hosted instance

API for Exporting the Individual Assignment URL's ...

How to get users LTI v1.3 ID outside of the SSO pa...

Issue in launching external app in self hosted can...

Automate admin report 'Grade Export'

ícones de paginas e módulos no Canvas

You're signed out

LTI 1.3/Advantage login_required issue

#1651 Nil is not a valid JSON source.

Community Help

View our top guides and resources: