Cvmcosta / ltijs

Turn your application into a fully integratable LTI 1.3 tool provider.
https://cvmcosta.github.io/ltijs/
Apache License 2.0

Platform settings for self-hosted Canvas #58

Closed GreenOn closed 3 years ago

GreenOn commented 3 years ago

Hi, I installed Canvas and am self-hosting it on our own server. I am confused about the platform settings for this type of setup.

Here's my platform setup:

  const plat = await lti.registerPlatform({
    url: 'https://canvas.greenos.io',
    name: 'Greenos Canvas',
    clientId: '10000000000001',
    authenticationEndpoint: 'https://canvas.instructure.com/api/lti/authorize_redirect',
    accesstokenEndpoint: 'https://canvas.greenos.io/login/oauth2/token',
    authConfig: {
      method: 'JWK_SET',
      key: 'https://canvas.instructure.com/api/lti/security/jwks'
    }
  })

And upon deployment of the app and trying to launch, I am getting an error: Unregistered platform attempting connection.

dynoslti@1.0.0 start /use/src/app
> env DEBUG=provider:* node index.js
environment variables...
LTIKEY
dynosadmin
2020-10-21T16:18:36.253Z provider:main Attempting to connect to database
2020-10-21T16:18:36.677Z provider:database Database connected
2020-10-21T16:18:36.678Z provider:database Database connection open
2020-10-21T16:18:36.686Z provider:main Ltijs started listening on port: 3000
LTI Provider is listening on port 3000!
LTI provider config:
>App Route: /
>Initiate Login Route: /login
>Keyset Route: /keys
>Session Timeout Route: /sessiontimeout
>Invalid Token Route: /invalidtoken
2020-10-21T16:18:37.111Z provider:main Registering new platform
2020-10-21T16:18:37.111Z provider:main Platform Url: https://canvas.greenos.io
2020-10-21T16:18:37.111Z provider:main Platform ClientId: 10000000000001
Deployed!
2020-10-21T16:19:44.200Z provider:main Receiving request at path: /login
2020-10-21T16:19:44.201Z provider:main Receiving a login request from: https://canvas.instructure.com
2020-10-21T16:19:44.230Z provider:main Unregistered platform attempting connection: https://canvas.instructure.com

I looked into other issues reported on Canvas setup, but they are for cloud-hosted Canvas. I just wanted to check with the community here to see if they can point out any problem in my platform setup.

Also, another question: Where can we use the Deployment Id provided by Canvas?

Thanks a lot!

GreenOn commented 3 years ago

Updated the platform setting to this:

  const plat = await lti.registerPlatform({
    url: 'https://canvas.instructure.com',
    name: 'Greenos Canvas',
    clientId: '10000000000001',
    authenticationEndpoint: 'https://canvas.instructure.com/api/lti/authorize_redirect',
    accesstokenEndpoint: 'https://canvas.greenos.io/login/oauth2/token',
    authConfig: {
      method: 'JWK_SET',
      key: 'https://canvas.instructure.com/api/lti/security/jwks'
    }
  })

I was able to bypass the Unregistered Platform error.

However, it throws this error now: {"status":"bad_request","message":"Invalid lti_message_hint","error_report_id":177536838}

Here is the debug report:

2020-10-21T18:01:28.252Z provider:main Receiving request at path: /login
2020-10-21T18:01:28.253Z provider:main Receiving a login request from: https://canvas.instructure.com
2020-10-21T18:01:28.389Z provider:main Redirecting to platform authentication endpoint
2020-10-21T18:01:28.389Z provider:main Target Link URI: https://stg-lti.dynos.io
2020-10-21T18:01:28.389Z provider:main Login request:
2020-10-21T18:01:28.390Z provider:main {
response_type: 'id_token',
response_mode: 'form_post',
id_token_signed_response_alg: 'RS256',
scope: 'openid',
client_id: '10000000000001',
redirect_uri: 'https://stg-lti.dynos.io',
login_hint: '7def19993929af7bcd9ef4b20753d48f95edfc43',
nonce: 'rftujmdyew0f6cwpev51nw5dr',
prompt: 'none',
state: 'db8ba496d0d640abedcc50c97ac6f708dfa00c5762c86fa783',
lti_message_hint: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6IjhmNTdlODc3NzQyYzQ3NjY2NDk3YzExNjdjNDI1ZmZjMDc3OGNmMzkxYmZkOWE5NzJlMGE0MTBhNGE2YWY3NmRjN2FiMzZhMjdkZjNkMDhjOTNjMTYzNjA3NGFhNjdlZWRlMDcwZTllNjQ2ZTRhOWJlY2NhMWMwZDU3YmMzOWJiIiwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy5ncmVlbm9zLmlvIiwiY29udGV4dF90eXBlIjoiQWNjb3VudCIsImNvbnRleHRfaWQiOjEwMDAwMDAwMDAwMDAyLCJleHAiOjE2MDMzMDM1ODV9.HQNEN_Z3-g6WM7uHNl0T2rYHRx4RbzGdentxGM1KzmQ'
}

Cvmcosta commented 3 years ago

Hello, for self-hosted Canvas, the platform URL will be the default https://canvas.instructure.com, but every other endpoint should be directed to your Canvas instance.

  const plat = await lti.registerPlatform({
    url: 'https://canvas.instructure.com',
    name: 'Greenos Canvas',
    clientId: '10000000000001',
    authenticationEndpoint: 'https://canvas.greenos.io/api/lti/authorize_redirect',
    accesstokenEndpoint: 'https://canvas.greenos.io/login/oauth2/token',
    authConfig: {
      method: 'JWK_SET',
      key: 'https://canvas.greenos.io/api/lti/security/jwks'
    }
  })

GreenOn commented 3 years ago

Thanks. I changed it and it looks like there is some issue with the setup on the self-hosted Canvas as https://canvas.greenos.io/api/lti/security/jwks is producing an error while(1);{"errors":[{"message":"An error occurred.","error_code":"internal_server_error"}],"error_report_id":161}. I will do some more investigation on this to see if I screwed up anything on the server.

Cvmcosta commented 3 years ago

How did you install Canvas? The Canvas Docker image doesn't work well with LTI. And if you did the production installation, you must do the Dynamic settings configuration and Redis configuration for LTI to work properly. It's a bit tricky.

GreenOn commented 3 years ago

I used the Bitnami instance on AWS: https://docs.bitnami.com/aws/apps/canvaslms/. Yes, I am reading somewhere that I need to visit the Dynamic settings part. It's hard :-(

Cvmcosta commented 3 years ago

Yeah, I was not able to get the Bitnami Canvas image working with LTI :c. I had to do a manual production installation.

If you actually get the Bitnami image working, please let me know how, it would save me a lot of time in the future.

GreenOn commented 3 years ago

I got this working finally. There is a workaround explained in this Canvas Community Post that solved this issue.

johnnyoshika commented 2 years ago

> Hello, for self-hosted Canvas, the platform URL will be the default https://canvas.instructure.com, but every other endpoint should be directed to your Canvas instance.

I found that for Canvas test instances (ones that some universities use in their Canvas staging environments), the URL should be https://canvas.test.instructure.com instead of https://canvas.instructure.com

 const plat = await lti.registerPlatform({
    url: 'https://canvas.test.instructure.com',
   ...
 })

There's an interesting conversation about this here: https://community.canvaslms.com/t5/Canvas-Developers-Group/LTI-1-3-OIDCAuth-url/td-p/216910 The last commenter is correctly using https://canvas.test.instructure.com for the URL, but is incorrectly using https://canvas.test.instructure.com for all other endpoints. I don't have a Canvas account so I can't comment on that post.
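
The rule from the replies above (the platform URL stays on instructure.com or test.instructure.com, every other endpoint points at the self-hosted instance), written as an added diagnostic that is not part of the thread or of ltijs. `checkCanvasPlatform`, `peekJwtPayload`, `sampleHint` and the `instanceHost` parameter are hypothetical names; `canvas_domain` is the claim the `lti_message_hint` in the debug log decodes to, and reading it as the launching instance's hostname is an assumption.

```javascript
// Issuer values the thread gives for Canvas (production and test instances).
const CANVAS_ISSUERS = ['https://canvas.instructure.com', 'https://canvas.test.instructure.com']

// Read a JWT payload WITHOUT verifying it (diagnostic only; the tool has no key for Canvas's hint).
function peekJwtPayload (token) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return null
  // Node's 'base64' decoder also accepts the URL-safe alphabet JWTs use.
  try { return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8')) } catch (err) { return null }
}

// Returns findings; an empty array means the config follows the thread's advice.
// instanceHost (hypothetical parameter) is the self-hosted Canvas hostname.
function checkCanvasPlatform (config, instanceHost, ltiMessageHint) {
  const findings = []
  if (!CANVAS_ISSUERS.includes(config.url)) findings.push(`url: ${config.url} is not a Canvas issuer`)
  const endpoints = {
    authenticationEndpoint: config.authenticationEndpoint,
    accesstokenEndpoint: config.accesstokenEndpoint,
    'authConfig.key': config.authConfig && config.authConfig.key
  }
  for (const [name, value] of Object.entries(endpoints)) {
    let host = null
    try { host = new URL(value).host } catch (err) { /* missing or malformed URL */ }
    if (host !== instanceHost) findings.push(`${name}: host ${host}, expected ${instanceHost}`)
  }
  if (ltiMessageHint) {
    const payload = peekJwtPayload(ltiMessageHint)
    if (!payload) findings.push('lti_message_hint: not a decodable JWT')
    else if (payload.canvas_domain !== instanceHost) findings.push(`lti_message_hint: canvas_domain is ${payload.canvas_domain}`)
  }
  return findings
}

// Constructed sample hint: placeholder signature, only the canvas_domain claim.
function sampleHint (domain) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return [b64url({ typ: 'JWT', alg: 'HS256' }), b64url({ canvas_domain: domain }), 'sig'].join('.')
}

// The second config posted in the thread: issuer fixed, two endpoints still on instructure.com.
const secondAttempt = {
  url: 'https://canvas.instructure.com',
  authenticationEndpoint: 'https://canvas.instructure.com/api/lti/authorize_redirect',
  accesstokenEndpoint: 'https://canvas.greenos.io/login/oauth2/token',
  authConfig: { method: 'JWK_SET', key: 'https://canvas.instructure.com/api/lti/security/jwks' }
}
console.log(checkCanvasPlatform(secondAttempt, 'canvas.greenos.io', sampleHint('canvas.greenos.io')))
```

Run against the second configuration in the thread, it reports `authenticationEndpoint` and `authConfig.key` as still pointing at canvas.instructure.com.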