Can the outbound LTI handshake pass the current user's SIS ID

[itur...@gmail.com]

I'm building an LTI integration for an external tool we built, and just ran into an issue with the user name that gets passed along.

We are going to be importing a large number of users who's unique id will be present in Canvas as the SIS ID.

This doesn't seem to come along with the basic LTI messages and I'm wondering if this is a shortcoming of LTI, Canvas, or how we are populating our users.

Basically on my external tool's side, the unique user id is the SIS ID, the students name will not be particularly useful.

The tool is configured with 'name_only' privacy level.

Here's what I'm seeing as far as the passed post parameters:

context_id

context_label

context_title

ext_ims_lis_basic_outcome_url

launch_presentation_document_target

launch_presentation_height

launch_presentation_locale

launch_presentation_return_url

launch_presentation_width

lis_outcome_service_url

lis_person_name_family

lis_person_name_full

lis_person_name_given

lis_result_sourcedid

lti_message_type

lti_version

oauth_callback

oauth_consumer_key

oauth_nonce

oauth_signature

oauth_signature_method

oauth_timestamp

oauth_version

resource_link_id

resource_link_title

roles

tool_consumer_instance_contact_email

tool_consumer_instance_guid

tool_consumer_instance_name

user_id

[Bracken Mosbacker]

Canvas doesn't send the SIS ID in any launch parameter but it definitely should. I don't know what parameter that'd come across as though, either a custom_* or there might be an appropriate lis_person_* parameter for it already. When this is added I'd expect it to only be available for "public" tools launches though.

-bracken

[Luke Fernandez]

We found a similar limitation (albeit not a showstopper) in our own
use of the Canvas oauth external tool. As I remember Canvas' oauth
will send the user's LIS_PERSON_NAME_GIVEN and LIS_PERSON_NAME_FAMILY
as well as a sis course id. So on the basis of those parameters we
could reconstruct the user.

It would be better if Canvas didn't make us pass through those hoops.
After all we're the ones that share our SIS info with Canvas. If
we're willing to share with them its only polite to quickly find a way
to share that info back. :)

Luke
http://itintheuniversity.blogspot.com

[Ian Turgeon]

Maybe "lis_person_sourced_id" could be used to carry this value?

Google searches find it used in code, but can't find any documented resources.  

[Ian Turgeon]

Just tested adding it to the "public" launch.. works nicely, assuming the name makes sense (I'd have to defer to those with more LTI knowledge)

How would I go about getting this into the codebase?

 

-----------------------------------------------

diff --git a/lib/basic_lti.rb b/lib/basic_lti.rb

index a91a417..eb8c97e 100644

--- a/lib/basic_lti.rb

+++ b/lib/basic_lti.rb

@@ -92,6 +92,7 @@ module BasicLTI

       if tool.public?

         hash['custom_canvas_user_id'] = user.id

         hash['custom_canvas_course_id'] = context.id

+        hash['lis_person_sourced_id'] = user.pseudonym.sis_user_id

       end

 

       hash['context_id'] = context.opaque_identifier(:asset_string)

-------------------------------------------

[Ian Turgeon]

Found it: 

lis_person_sourcedid=school.edu:user
This field contains the LIS identifier for the user account that is performing this launch. The example syntax of "school:user" is not the required format – lis_person_sourcedid is simply a globally unique identifier (i.e., a normalized string). This field is optional and its content and meaning are defined by LIS.

from http://www.imsglobal.org/lti/v1p1pd/ltiIMGv1p1pd.html

[Zach Wily]

Ian,

There are a few things to consider here:

* Are you sure you want the sis_user_id and not the sis_login_id? I think that normally they are the same, but they don't have to be. sis_user_id is probably the correct choice, I just want to make sure it's considered.

* SIS user ids are considered FERPA-protected by some institutions, so Canvas is careful about where they are exposed. In this case it seems safe, since a teacher (or admin) has to set up the external tool launch and they already have access to SIS identifiers, but we just need to confirm that that is generally okay.

* A user can have multiple pseudonyms, and user.pseudonym will just pull the default one. For an open-source installation this is probably fine, but in Canvas Cloud a user can have many pseudonyms across different schools (which is why it's the pseudonym, and not the user, that stores the SIS identifiers). We want to make sure there that we get the correct pseudonym for the current request. The User model has a helper for this: sis_pseudonym_for:

hash['lis_person_source_id'] = user.sis_pseudonym_for(context).try(:sis_user_id)

(The try is in case sis_pseudonym_for returns nil.)

That said, I've just been told that Bracken has already started implementing this, so maybe all you have to do is wait. :)

--
Zach Wily
VP of Engineering, Instructure

[Ian Turgeon]

Thanks for the explanation of the surrounding issues, its exactly what I was trying to get at.

Being new to Canvas/LTI I lack some the bigger picture so this fills in some of the holes for me, much appreciated.

I talked to our LMS administrators to verify, it looks like I'll need the SIS login_id rather then the user_id (different values for us).  There's too many userId's in the world...

[Christopher Bennell]

Is there any update on this? It would be great to see SIS ids in the LTI launch params.

Thanks!

[Bracken Mosbacker]

Yes, that has been added, here is the commit: https://github.com/instructure/canvas-lms/commit/526026ebb9d6d421559c22526532a4d15666ea98

So these were added:

lis_person_sourcedid - the SIS id of the user

custom_canvas_user_login_id - the login id of the user

if it's launched from a course:

lis_course_offering_sourcedid - the SIS id of the course

if it's launched from an account:

custom_canvas_account_id - canvas id for the account

custom_canvas_account_sis_id - the SIS id of the account. (I couldn't find an lis_account equivalent for this)

-bracken

--
 
 
 

[Ian Turgeon]

So very happy we switched to Canvas this week :)

Thanks guys, looking forward to more interaction with your team

Ian Turgeon - University of Central Florida

[Christopher Bennell]

Awesome, thanks Bracken!

On Wednesday, July 25, 2012 4:50:21 PM UTC-4, bracken wrote: