Community Help

haeven · ‎06-26-2019

I am currently testing our LTI 1.3 Tool with Canvas, and after the OIDC Third Party Login in which Canvas sends login parameters including the lti_message_hint, we redirect with a request to the authorize URL in order to request the id_token (per the LTI 1.3 OIDC flow). However, when we make this request to the authorize URL I receive the error:

while(1);{"status":"bad_request","message":"Invalid lti_message_hint","error_report_id":170209301}

Even though we're sending back the exact lti_message_hint that we received on the OIDC TPL request (per the LTI 1.3 Spec). Any insight into why I might be getting this error would be greatly appreciated.

pklove · ‎06-26-2019

Can you post the actual URL you are re-directing to? Just alter any sensitive data.

haeven · ‎06-26-2019

So I was able to resolve the other issue, but I'm now getting a server error when I send the request to Canvas for an id_token after the OIDC TPL. Here is the request url and error:

.../api/lti/authorize?scope=openid&response_type=id_token&response_mode=form_post&prompt=none&client_id=10000000000017&redirect_uri=http%3A%2F%2Fwww.grtstaging.com%2Findex.cfm%2Fcore%2Ftool%2Findex&state=98DDE6FA-659A-4EBB-88B7E8BAC0958F0D&nonce=85F1B78B-EBBD-4AEE-850238F5113DD4D4&login_hint=902abc79ccfb376e0f2cc148d4812037a0cf1d4c&lti_message_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6bnVsbCwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy5ncmVhdHJpdmVybGVhcm5pbmcuY29tIiwiY29udGV4dF90eXBlIjoiQ291cnNlIiwiY29udGV4dF9pZCI6MTAwMDAwMDAwMDAwMDEsImV4cCI6MTU2MTYwMzYwNX0.qHNL66CCGaGPl8zgpklKmBrS5qeSgATn91XId-0Lsxw
while(1);{"errors":[{"message":"An error occurred.","error_code":"internal_server_error"}],"error_report_id":145}

Your assistance is greatly appreciated! pklove‌

pklove · ‎06-26-2019

Which Canvas server are you sending the request to?

haeven · ‎06-27-2019

It is a image loaded on to one of the companies private servers, are there public accessible servers for testing pklove‌?

pklove · ‎06-27-2019

I've only done LTI 1.3 against Instructure hosted Canvas.

For those you use: https://canvas.instructure.com/api/lti/authorize_redirect

Although https://yourserver.instructure.com/api/lti/authorize also works.

swolf · ‎04-19-2022

How did you resolve the lti_message_hint issue? I am getting the same error.

bgolson · ‎07-23-2019

@haeven ‌ I'm getting the same "Invalid lti_message_hint error" from your original post. How did you resolve that?

Thanks for your help!

Update: I wasn't forwarding the value properly. So I've now advanced past the lti_message_hint error and on to a generic server error. This one should be fun to debug

haeven · ‎07-24-2019

This is also where we are at with our testing, we tested with a customer's dev environment and we did not receive this error so we concluded that is has something to do with our Canvas image/deployment.

orhunk90 · ‎03-03-2020

@haeven @bgolson I am also getting: "

{"status":"bad_request","message":"Invalid lti_message_hint","error_report_id":172232213}

Can you please share what was your solution?

This is how my authentication request looks like:

https://canvas.instructure.com/api/lti/authorize_redirect

client_id:"10000000000003",
login_hint:"2f16f60997a89e831afc21ffd15bdfd6b66b273f",

lti_message_hint:"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6ImY0MGUzYjUwNmIyMTljNjAwYjkxYzZiZTQ3OGZiMTI5MTMyNmU4N2Y2NjIwNTdkMGI3ZmZlMjc1NzRiMTYzNGFmZjUxNTYzMjkyODI5OTBiYTExODVhYmU3MWMzYmY2MDU0NTdhZmY0ZjgxMDQ0ZWYxY2FlNDZjMmNiOTY4ZGRjIiwiY2FudmFzX2RvbWFpbiI6IjMuMjIwLjIyMi4yIiwiY29udGV4dF90eXBlIjoiQ291cnNlIiwiY29udGV4dF9pZCI6MTAwMDAwMDAwMDAwMDEsImV4cCI6MTU4MzI1OTcxNH0.3d3y9orPbV5y29QtpPxZ6AaPNnjd60UAWNHACQv9cYc",
nonce:"7417f2eb-d68b-4b00-9513-1b52aee9df92",
prompt:"none",
redirect_uri:"https://localhost:8000/redirect",
response_mode:"form_post",
response_type:"id_token",
scope:"openid",
state:"81b46989-0606-49e0-842e-b9c4060177dd"

jkp · ‎09-05-2019

Did anybody found solution for this? I on the other hand keep getting invalid_scope error when I pass any scope or no at all. I tried with canvas scopes and with `openid` one.

william_diehl · ‎09-09-2019

Invalid Scope errors could mean you're either requesting a scope not granted to the developer key or you're using an improperly crafted scope name (the scopes are in URI format). Double check your developer key to make sure you've granted the particular permission(s) you're requesting (I assume you're requesting something like view users/roles, view assignments, modify grades, etc) or double check the format of the scope you're passing.

Here's an example of the POST parameters I'm using, requesting ALL scope permissions (with our signed JWT appended at the end)

grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&scope=https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly https://purl.imsglobal.org/spec/lti-ags/scope/lineitem https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly https://purl.imsglobal.org/spec/lti-ags/scope/score&client_assertion=" + jwt

mahmoud_mostafa · ‎12-17-2019

pklove‌

I am having kind of similar error here

GET /token?error=invalid_scope&error_description=A+requested+scope+is+invalid%2C+unknown%2C+malformed%2C+or+exceeds+the+scope+granted+by+the+resource+owner.+The+following+scopes+were+requested%2C+but+not+granted%3A+

my scopes are like that

scopes: [

'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem',

'https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly',

'https://purl.imsglobal.org/spec/lti-ags/scope/score',

'https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly',

'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly'

]

anyone has an idea how to get over this error ?

Thanks

iqbal · ‎05-28-2020

Hello everyone, Im facing a similar issue encountered by @haeven ‌, @bgolson ‌ and orhunk90 ‌: Im getting the same "Invalid lti_message_hint" error when making the authentication response to the OIDC Authorization endpoint (https://canvas.instructure.com/api/lti/authorize_redirect) eventhough I'm passing the exact same lti_message_hint value as received.

@bgolson ‌ you mentioned you had this error because the lti_message_hint value wasnt forwarded properly. Could you perhaps elaborate abit more on how you resolved this?

pklove‌ I'd really appreciate any input you have on this matter as well.

Many thanks in advance!

PraveenR · ‎03-23-2023

Having the same issue.

Getting the following error when we use https://canvas.instructure.com/api/lti/authorize_redirect

{"status":"bad_request","message":"Invalid lti_message_hint"}

And the below error is occurred when we use https://<custom-domain>/api/lti/authorize

{"errors":[{"message":"An error occurred.","error_code":"internal_server_error"}],"error_report_id":41}

We're using a canvas image provide by bitnami.

LTI 1.3 Integration Testing Error

LTI

Get Credentials UserID for API awards

Authenticate using user access token instead of us...

Clean up unused Outcomes?

Calendar error when adding an event

Canvas API page-view next response header not appe...

Get Credentials UserID for API awards

Authenticate using user access token instead of us...

Granting "Permissions - Manage" - Is that the only...

Gaining an LTI Developer Key Outside of My Institu...

API returning all my page_views but only first ite...

You're signed out

LTI 1.3 Integration Testing Error

Community Help

View our top guides and resources: