How to determine LTI 1.3 login / oauth / authorize / jwks URLs

marcspringshare
Community Explorer

Hi all,

I am finalizing my LTI 1.3 tool implementation, and I am down to one remaining question.  During development I hardcoded some Canvas URLs into my configuration:

const CANVAS_OIDC_LOGIN_URL = 'https://my-canvas-hostname/api/lti/authorize_redirect';
const CANVAS_OIDC_TOKEN_URL = 'https://my-canvas-hostname/login/oauth2/token';
const CANVAS_OIDC_JWKS_URL = 'https://my-canvas-hostname/api/lti/security/jwks';

Now it is time to replace my development URLs with some real values, and I am unsure what I should be using.

This post, https://community.canvaslms.com/t5/Developers-Group/LTI-1-3-Integration-Testing-Error/m-p/227067/hig... indicates you can use "canvas.instructure.com" or "yourserver.instructure.com" for instances hosted by Canvas / Instructure.

I'm assuming that for self-hosted instances, "canvas.instructure.com" will not work and I will need to hit "canvas.myschool.edu" instead.  (Is that right?)  But as a 3rd party, I wont know if a given Canvas site is self-hosted.

Is the best bet to forget about "canvas.instructure.com" and always request over the customer's Canvas domain?  Or do we assume that all Canvas instances are hosted, and see if we run into any edge cases that are self-hosting?

Maybe I'm over thinking things...

Thanks!

Labels (2)
0 Likes
Users who also had this question