LTI 1.3 authentication response not sent

Jump to solution
riosd
Community Participant

Good morning!

  I'm attempting to make the https call referred to as the 'Authentication Request' on step 2 of these instructions: https://canvas.instructure.com/doc/api/file.lti_dev_key_config.html#step-2 but the Authentication Response is not being sent when I make the call from within my code, despite the fact that I'm getting a 'success - 200' response from the call.  If I copy/paste the same exact URL into a browser window, that does provoke the response which I receive at a servlet I set up for this purpose.  So the problem does not appear to be the format or syntax of the call itself, but something related to how it is being sent (perhaps a missing header element or request property?).  I've kept the code minimal to avoid issues, so I think it's likely that something needs to be added here, but I can't figure out what that might be.  Here's the relevant code:

myUrl = "https://canvas.test.instructure.com/api/lti/authorize_redirect";
myUrl += "?scope=openid&response_type=id_token&client_id="+clientID+"&redirect_uri="+redirectURI+"&login_hint="+loginHint+"&state="+sessionID+"&response_mode=form_post&nonce="+sessionID+"&prompt=none&lti_message_hint="+messageHint;
authUrl = new URL(myUrl);
HttpsURLConnection authCon = (HttpsURLConnection)authUrl.openConnection();
authCon.setRequestMethod("GET");
int status = authCon.getResponseCode();

Does anyone happen to know what I need to add to this in order to execute the call successfully?  Since it works in a browser window, I assume there is an element present in those calls which I am missing here.  Any insight or advice would be greatly appreciated.

Thanks!
-David Rios
Canvas Administrator
Oregon State University

Labels (3)
0 Likes
1 Solution
riosd
Community Participant
Author

Turns out, this is not meant to be an HTTPS request at all, but a browser redirect.

View solution in original post

0 Likes