Community Help

26-05-ins-111 · ‎06-28-2017

We would like to get notify the user logout event from Canvas to our LTI. Notifications we are looking is purely related to browser. For example, An user log into canvas and navigate to one of LTI UI section. In case user logged out from Canvas, is there a way to listen to this event from LTI side?

jpoulos · ‎07-12-2017

There is an undocumented logout service (I've got a ticket open to add documentation for it). It's described here: https://canvas.instructure.com/courses/913512/pages/logout-service

To obtain the logout service URL, you would need to add a variable substitution to your configuration for $Canvas.logoutService.url

You'd then do an OAuth signed request to that URL with a 'callback' query parameter:

<value of $Canvas.logoutService.url>?callback=<URL that you want Canvas to hit to log the user out>

Jesse Poulos

Partner Integrations Specialist

Instructure

View solution in original post

26-05-ins-111 · ‎06-29-2017

Hi, really appreciate if someone could help us to have some insight here?

ColinMurtaugh · ‎07-06-2017

Hi Thilina --

The LTI protocol doesn't provide a way to do this (that I'm aware of). You might be able to use Javascript to glean some useful information about the user's logged-in status from the containing page, assuming that you could overcome XSS limitations.

Another thing to consider, if you're administering the Canvas instance yourself: Instructure is building a "live events" service that allows software to subscribe to real-time notifications about various actions that happen in the platform. It's still in a limited-access beta stage, but you can find some more information here: How Do I Configure Live Events for Canvas Data? This probably isn't really an option if you're a vendor building a tool that will be plugged into someone else's instance of Canvas, though.

--Colin

garth · ‎07-08-2017

26-05-ins-111‌ can you say why you need the logout event?

Is it to clean up access tokens in the user profile?

If you are using the OAuth2 workflow to gain a token for the user, the tokens only have a 1 hour life span.

Your implementation of the OAuth2 workflow should handle any logic you would like to implement around house keeping, i.e. releasing a token or refreshing a token.

Not sure if this info helps or not.

26-05-ins-111 · ‎07-27-2017

@garth ‌ We were having some SSO issues if we not receving logout event from Cancas (note that it is not that critical). Until our SSO team gives a permenent fix we tried to come with a short term fix. With the help of log-out service in Canvas we could able to fine tune more SSO scenarios.

garth · ‎07-12-2017

26-05-ins-111 this series of posts might help you, or someone who stumbles across this question:

If you came up with a solution to your scenario, please post back, I would be very interested to learn how you approached your logout scenario.

jpoulos · ‎07-12-2017

There is an undocumented logout service (I've got a ticket open to add documentation for it). It's described here: https://canvas.instructure.com/courses/913512/pages/logout-service

To obtain the logout service URL, you would need to add a variable substitution to your configuration for $Canvas.logoutService.url

You'd then do an OAuth signed request to that URL with a 'callback' query parameter:

<value of $Canvas.logoutService.url>?callback=<URL that you want Canvas to hit to log the user out>

Jesse Poulos

Partner Integrations Specialist

Instructure

garth · ‎07-12-2017

This is great information.

If you get an update on the documentation please post back to this thread.

Thanks

26-05-ins-111 · ‎07-27-2017

Thank you This is really helpful

kyle_king · ‎12-26-2019

BTW, your callback must be a GET parameter to the logout service not a POST parameter. Also, the easiest way to generate the oauth signature is to use the same library Canvas uses to generate it: ims-lti. Here's generating the signed parameters looks like:

 signed_logoff_params = IMS::LTI::Services::MessageAuthenticator.new(
    logout_service_url, logout_params, ENV['LTI_SECRET']
 ).signed_params

Recieving Canvas logout events to LTI

Get Credentials UserID for API awards

Authenticate using user access token instead of us...

Clean up unused Outcomes?

Calendar error when adding an event

Canvas API page-view next response header not appe...

Get Credentials UserID for API awards

Authenticate using user access token instead of us...

Granting "Permissions - Manage" - Is that the only...

Gaining an LTI Developer Key Outside of My Institu...

API returning all my page_views but only first ite...

You're signed out

Recieving Canvas logout events to LTI

Community Help

View our top guides and resources: