Closed Maxvanhattum closed 2 years ago
Hello, the issue is most likely the ID Token validation, during this process Ltijs tries to retrieve the JWK Set from the LMS.
If you are using docker and testing against a local LMS, Ltijs will try to reach http://127.0.0.1/keys
(example local LMS keyset URL) from inside the container, and it will fail since Ltijs and the LMS don't share the same local network.
Thanks for you quick reply! I am indeed running the canvas instance locally. I am curious as to why it tries to find the keyset on that url. Is this not the one specified at the registerplatform method: authConfig: { method: 'JWK_SET', key: 'http://canvas.docker/api/lti/security/jwks' }
?
If not, where can I configure this?
Interesting, yes, you are setting it correctly. Maybe it's mapping inside of the container? It would be helpful if you could access bash inside of the container and curl
this URL from there, if it doesn't work we know that is the issue.
Ah right, thanks for pointing me in the right way. I was confused because of the way the development/test instance of canvas is set up. The 'canvas.docker' domain name is in that setup configured to resolve to localhost on the host machine. So docker does first reach out to the URL through the host machine, but gets told that the domain name resolves to 127.0.0.1, which it then tries to follow in the docker container. For the slight change anyone else encounters the same problem when developing locally with canvas: simply configuring the docker container to use the host network 'solves' the issue.
Describe the bug When running the LTI tool with MongoDB in docker-containers, the application cannot process the idtoken. It seems to be able to process the LTI handshake, but then after the redirect to my application path it cannot process that token.
This seems to be a configuration problem with the use of mongoose (I think), however the strange thing is that it does connect properly on starting the LTI with registering the platform. The same application does work when running a local mongodb instance and npm run start.
Expected behavior Should be able to process the idtoken after login flow has been completed and redirection happened.
Provider logs
Screenshots See the network requests below:
Ltijs version "ltijs": "^5.6.5"
NodeJS version v14.19.0
Platform used Canvas
Additional context Add any other context about the problem here.