autolab / Autolab

Course management service that enables auto-graded programming assignments.
http://www.autolabproject.com/
Apache License 2.0

LTI Integration with Canvas - Invalid Redirect URI #2179

Closed dpaceoffice closed 1 month ago

dpaceoffice commented 1 month ago

We're attempting to integrate Autolab with Canvas.

Per the documentation here:

https://docs.autolabproject.com/installation/lti_integration/

This JSON was used on Canvas as a template:

{
  "title": "Autolab Integration",
  "description": "Autolab is an open-source autograding service developed by students, for students",
  "oidc_initiation_url": "https://<your-autolab-domain>/lti_launch/oidc_login/",
  "target_link_uri": "https://<your-autolab-domain>/lti_launch/launch/",
  "scopes": [
    "https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly"
  ],
  "extensions": [
    {
      "tool_id": "autolab-integration",
      "platform": "canvas.instructure.com",
      "domain": "<your-autolab-domain>",
      "privacy_level": "public",
      "settings": {
        "text": "Launch Autolab Integration",
        "icon_url": "<your-icon>",
        "placements": [
          {
            "text": "Autolab",
            "enabled": true,
            "placement": "course_navigation",
            "message_type": "LtiResourceLinkRequest",
            "target_link_uri": "https://<your-autolab-domain>/lti_launch/launch/",
            "icon_url": "<your-icon>",
            "windowTarget": "_blank"
          }
        ]
      }
    }
  ],
  "public_jwk": {
    "kty": "RSA",
    "e": "AQAB",
    "use": "sig",
    "kid": "vLkAvsYBQk5KF3lRxYaUgOWodo_-PL5WrzKLNMcwke0",
    "alg": "RS256",
    "n": "iHN9QvbOTCTlyQwiyUKCAF5iLyAMGPZSnS46okSH5EZv0k3B65k0DdQr8b454RfwOABp7FgXKOEG4oMG62GiFoWebf1nKVBF5O80QOHZquTZLXYPMBKW9FVB0oDol-pzzNmqX0iDPBnCsoII3S8_sDn5V4ur3LUKM2j7oBBphhAPiin8Oh64gnAPS5nlnJmaV8VIbOdpQgzLLHPH4jIfjFhvIKzwRf1kqQGZsUaGYhrGZTusPOLJ0nBHlNh5cEEjbfp0oEvsNJoMzF0COZaMt2d89G7-oaVE64vcEc4rRbW4g1nL4NbeO8xh1Vkhp4rsqL8Zw__DHNue-8kJQt2LUw"
  }
}

This particular line,

"platform": "canvas.instructure.com",

was never changed. Should this reflect the actual Canvas instance we are interfacing with?

Nonetheless, after the redirect goes back to Canvas, we get this error:

{"status":"bad_request","message":"Invalid redirect_uri"}

I checked the logs on Autolab and saw the following right before getting this error:

Started POST "/lti_launch/oidc_login/" at 2024-08-20 17:39:25 -0400
Processing by LtiLaunchController#oidc_login as HTML
Parameters: {"iss"=>"https://canvas.instructure.com",
Completed 302 Found in 8ms (ActiveRecord: 1.9ms | Allocations: 1302)

Everything looks fine, so I'm a bit baffled as to why this is occurring. The only line I thought was questionable was this:

"platform": "canvas.instructure.com",

Which I believe should have been something like:

"platform": ".instructure.com",

I'm not the Canvas admin, so troubleshooting is rather limited on that side. Although it seems from the provided JSON everything is auto-populated anyways.

20wildmanj commented 1 month ago

I do not believe that the platform field needs to be modified. That field is based on the guide Canvas provides which has the platform set as "canvas.instructure.com." An invalid redirect_uri response leads me to believe that the "target_link_uri" in your JSON for the Canvas configuration may not be correct, but I'm not 100% sure.

dpaceoffice commented 1 month ago

Certainly seems fine. We're using https://autolab-domain/lti_launch/launch/

This is on version v2.11.0.

20wildmanj commented 1 month ago

As long as target_link_uri is set to, for example, https://autolab-dev.andrew.cmu.edu/lti_launch/launch (in the case of one of our testing servers) then that part should be okay. It may actually be a configuration error on the Canvas end. I am not a Canvas admin for CMU either, but IIRC I encountered a similar issue where the redirect URIs needed to be filled in another field.

[Image: IMG_7162]

dpaceoffice commented 1 month ago

Is it normal for Autolab to redirect unauthenticated users to /auth/users/sign_in when trying to reach /lti_launch/oidc_login?

Usually I have to make sure I'm authenticated before I see the below image. It seems like from Canvas I'm sent to /lti_launch/oidc_login/ and then back to Canvas rather than from /lti_launch/launch

We did end up adding /lti_launch/oidc_login/ to the redirect URIs field, but that didn't seem to work either.

This is the trace we're getting:

[Image]

20wildmanj commented 1 month ago

Yep, Autolab does seem to redirect unauthenticated users to /auth/users/sign_in sometimes, which requires a re-do of the LTI launch flow unfortunately. Definitely something we want to address in the future.

Also, being sent back to Canvas after reaching lti_launch/oidc_login is expected as that is part of the LTI launch flow. You can see this document that details every step of the LTI launch process for more information.

Apparently you might also want to try removing the ending forward slashes for the redirect URIs, e.g. /lti_launch/oidc_login and /lti_launch/launch instead of /lti_launch/oidc_login/ etc.

dpaceoffice commented 1 month ago

That solved it! The docs are specifying the forward slashes, I believe.

20wildmanj commented 1 month ago

Oh I see that, yeah that's misleading, will go ahead and fix that. Sorry for all the trouble to get LTI set up!
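
The trailing-slash mismatch that resolved this thread, as an added example (not code from the thread, Autolab, or Canvas): a small Ruby audit that compares the redirect URIs registered on the platform against the redirect_uri the tool sends and names the near miss. It assumes the platform accepts only an exact string match, which is how OAuth 2.0/OIDC redirect URI registration is specified and is consistent with the fix above; the hostname autolab.example.edu and all function names are placeholders.

```ruby
require "uri"

# Relationship between one registered redirect URI and the redirect_uri
# actually sent in the OIDC authentication request.
def compare_redirect_uri(registered, sent)
  return :exact if registered == sent # the only case a strict platform accepts
  return :trailing_slash if registered.chomp("/") == sent.chomp("/")

  r = URI.parse(registered)
  s = URI.parse(sent)
  same_origin = r.scheme == s.scheme && r.port == s.port &&
                r.host.to_s.casecmp?(s.host.to_s)
  same_path = r.path.chomp("/") == s.path.chomp("/") && r.query == s.query
  same_origin && same_path ? :host_case : :different
rescue URI::InvalidURIError
  :different
end

# Audit the platform's registered list against what the tool sends.
# near_misses lists registered entries that differ only cosmetically.
def audit_redirect_uri(registered_list, sent)
  verdicts = registered_list.map { |uri| [uri, compare_redirect_uri(uri, sent)] }
  near = verdicts.reject { |_, v| v == :exact || v == :different }
  {
    accepted: verdicts.any? { |_, v| v == :exact },
    near_misses: near.to_h
  }
end

# Constructed sample values (placeholder hostname, not from the thread).
REGISTERED_WITH_SLASH = [
  "https://autolab.example.edu/lti_launch/oidc_login/",
  "https://autolab.example.edu/lti_launch/launch/"
].freeze
SENT = "https://autolab.example.edu/lti_launch/launch"

if __FILE__ == $PROGRAM_NAME
  before = audit_redirect_uri(REGISTERED_WITH_SLASH, SENT)
  puts "accepted=#{before[:accepted]} near_misses=#{before[:near_misses]}"
  fixed = REGISTERED_WITH_SLASH.map { |u| u.chomp("/") }
  puts "after removing trailing slashes: accepted=#{audit_redirect_uri(fixed, SENT)[:accepted]}"
end
```

Exact matching is deliberate on the platform side: a registration that tolerated prefix or fuzzy matches would let the launch response be delivered to a URI the administrator never approved.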