RE: oauth problem when setting up LTI in Canvas

[rlz...@vt.edu]

Hi,

Currently I am trying to add lti to my local canvas installation, but ran into some problem in validating oauth signature that processed in my external tool :

the environment I have setup:

1. localhost:3000/ is my local canvas app

2. localhost:5000/ is the external UDOIT app installation (from https://github.com/ucfcdl/UDOIT)

3. logged in as admin, added the ext app under a course level, and provided the consumer key/shared secret.

4. generated oauthid/key from canvas admin login ->Site Admin->developer key. 

Problem:   When clicking on the external tool, Canvas send the user to the external app for authorization as expected.   The request is as:

http://localhost:3000/login/oauth2/auth/?client_id=[my oauth2_client_id]&response_type=code&redirect_uri=http://localhost:5000/oauth2endpoint

But then the error threw out validating the authorization:

Remote Address: 127.0.0.1:3000

request URL: http://localhost:3000/login/oauth2/accept

Request Method: POST

Status Code: 500 Internal Server Error

Thanks for any advice,

Ruiling

Web developer,

Virginia Tech

[Midiman]

I'm working on a similar project. If you've not already reached out to the developer of the tool, you might be able to get some help from him: Jacob Bates: jacob...@ucf.edu

I can't say for sure since I've not gotten as far as you have, but my question I put out to him is using the docs in Canvas: https://community.canvaslms.com/docs/DOC-4675, what information would we need to put in the 5 fields when generating our own key and how that translates to configuring the tool. 

As for your error, like I said I can't be 100% sure, but initially it looks like a mis-configuration of some sort. The fact that the key is being placed in the query string indicates a GET request when the error reports that it has information in a POST request. But that's just my initial observation, and wouldn't be able to provide as accurate information as the development team that wrote UDOIT. 

[rlz...@vt.edu]

Thanks for your input, Midiman.  Yes,  when clicking on external tool from canvas,  the request did begin with a GET with clientid, response_type, and redirect_uri passing in correctly.  Then the authorization window was prompted which I believe to valid the user logging in canvas, and to authorize the external app to access my canvas course site.   The 500 Internal Server Error was occurred when I click on the 'Authorize' button,  it sent a POST request from my local canvas "login/oauth2/accept" and with an authenticity_token, but redirect the user to the redirect_uri.   From the console before the error, there's warning "You are trying to launch insecure content from within a secure site(canvas). Some web browsers may prevent this content from loading" , I am thinking to try to redirect to uri beginning with https. Though not sure if it's the root cause.

Meanwhile hope some one experienced in oAuth2 could shed me some light.

Thnx,

[Midiman]

I've got a virtual environment set up to work with this software, and am getting stuck at a similar point. Jacob Bates at UCF has been very helpful in helping me get as far as I have gotten. I'll have more time to play with this soon and if I get any further I'll post back with my results.