dmitry-viskov / pylti1.3-flask-example

PyLTI1p3 Flask usage example
MIT License

Missing "id_token" when get_launch_data() in launch() function #5

Open shinsean opened 3 years ago

shinsean commented 3 years ago

I am trying to get the Flask Example working, but have run into several issues. While the others were able to be solved through modification of the code, the missing "id_token" error I was unable to fix.

The error is in line 108 in app.py. It is returning a "missing 'id_token'" error when the program gets to that point. I believe the problem stems from line 33 in https://github.com/dmitry-viskov/pylti1.3/blob/aa20e77bbe1cf95f5e5134e8e684a082bd255e8a/pylti1p3/contrib/flask/request.py#L33 returning None when the "id_token" key is attempted to be retrieved.

From what I could tell, that method is called in _get_id_token() in https://github.com/dmitry-viskov/pylti1.3/blob/aa20e77bbe1cf95f5e5134e8e684a082bd255e8a/pylti1p3/message_launch.py#L282 which in turn is called in validate_jwt_format() in https://github.com/dmitry-viskov/pylti1.3/blob/aa20e77bbe1cf95f5e5134e8e684a082bd255e8a/pylti1p3/message_launch.py#L506 which in turn is called in validate() in https://github.com/dmitry-viskov/pylti1.3/blob/aa20e77bbe1cf95f5e5134e8e684a082bd255e8a/pylti1p3/message_launch.py#L248 which in turn is called in _get_jwt_body() in https://github.com/dmitry-viskov/pylti1.3/blob/aa20e77bbe1cf95f5e5134e8e684a082bd255e8a/pylti1p3/message_launch.py#L269 which in turn is called in get_launch_data() in https://github.com/dmitry-viskov/pylti1.3/blob/aa20e77bbe1cf95f5e5134e8e684a082bd255e8a/pylti1p3/message_launch.py#L390 which in turn is called in the launch() function in the Flask Example.

Browser: Vivaldi (All other browsers (with the exception of Epiphany Browser) were unable to load the embed when "External Tool" was chosen in the Assignment Upload section)

Canvas was installed locally and running on 127.0.0.1:3000/

The Flask Example was run inside a venv following all of the instructions listed in the README.

Public and private keys were generated.

The developer key and the app was created and installed in the organization's admin page in Canvas instead of "Site Admin".

When creating the keys and installing the application, all steps laid out in https://github.com/dmitry-viskov/pylti1.3/wiki/Configure-Canvas-as-LTI-1.3-Platform

In game.json, the "https://canvas.instructure.com" was kept the same. Whenever there was a "http://canvas.docker", it was changed to "http://127.0.0.1:3000/".

The names/paths for the key files were updated to reflect the current paths to the key files.

The client ID and the deployment ID were also changed to reflect what was in Canvas.

dmitry-viskov commented 3 years ago

Hi @shinsean. I may assume that you are doing something wrong. id_token is a required parameter that must be passed using the URL or POST. Here is an example of a successful launch in Vivaldi:

[Screenshots: 001, 002]

dmitry-viskov commented 3 years ago

http://www.imsglobal.org/spec/lti/v1p3/#messages-and-services:

Messages. When a user clicks on the embedded link for an LTI resource within the platform, the platform initiates an OpenID login which ultimately results in the platform passing the LTI Message (id_token) to the tool as defined in the IMS Security Framework [SEC-10].

id_token is passed by the platform (i.e. Canvas).

shinsean commented 3 years ago

Is there any obvious error that you suspect I might have made? For example, if Canvas was accessible with http://127.0.0.1:3000/, should I have replaced http://canvas.docker/ with http://127.0.0.1:3000/ (which is what I did)? In game.json, should I have kept https://canvas.instructure.com as it was by default in the file (which is what I did)?

shinsean commented 3 years ago

I have a friend who I am working with and he is stuck on the same issue. @JoshYoung2693. Since I will be going to bed, he will be taking my place in this discussion until I wake up. He has done the same steps as me with the same conditions and has the same problem.

dmitry-viskov commented 3 years ago

"https://canvas.instructure.com": [{
  "default": true,
  "client_id": "<client-id-from-canvas>",
  "auth_login_url": "<canvas-host>/api/lti/authorize_redirect",
  "auth_token_url": "<canvas-host>/login/oauth2/token",
  "key_set_url": "<canvas-host>/api/lti/security/jwks",
  "key_set": null,
  "private_key_file": "private.key",
  "public_key_file": "public.key",
  "deployment_ids": ["<deployment-id-from-canvas>"]
}]

JoshYoung2693 commented 3 years ago

We are having issues with creating the assignment as a teacher.

[3 images]

JoshYoung2693 commented 3 years ago

Is there any obvious error that you suspect we might have made?

dmitry-viskov commented 3 years ago

Hi @JoshYoung2693.

  1. First of all, I see that Canvas sends incorrect data to the application. Please read this conversation: https://community.canvaslms.com/t5/Question-Forum/LTI-1-3-Advantage-login-required-issue/td-p/424707 . It is very similar to your issue. Also, I recommend that you use different host names for the app and for Canvas, because your issue could be connected with the reuse of the same cookies.

  2. Also, I recommend configuring nginx (or another proxy server) and using a self-signed SSL certificate to avoid the cookies issue and the "new page" step (https://github.com/dmitry-viskov/pylti1.3#cookies-issues-in-the-iframes).

  3. As I could see from the screenshots, you've used "Deep Link Launch". I recommend starting with the simple message launch, i.e. just paste the link http://flask-app/launch/ into the "URL" field in the "Configure External Tool" window.

[Screenshot 2021-03-18 at 18 11 51]
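A diagnostic for the failure discussed in this thread, added here as an example and not taken from the issue or from pylti1.3. It reports a launch request that arrives without `id_token`, and goes one step further by comparing the token's `iss`, `aud` and deployment id against a config shaped like the game.json fragment above. `diagnose_launch`, `fake_token`, `SAMPLE_CONF` and the client and deployment ids are constructed for illustration; claims are read without signature verification, so this is for troubleshooting only and does not replace the library's validation.

```python
import base64
import json

DEPLOYMENT_CLAIM = "https://purl.imsglobal.org/spec/lti/claim/deployment_id"

# Constructed sample config, shaped like the game.json fragment in this thread.
SAMPLE_CONF = {"https://canvas.instructure.com": [
    {"client_id": "10000000000001", "deployment_ids": ["1:abc"]}]}


def fake_token(claims):
    """Build an unsigned, constructed id_token for exercising the checks."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return ".".join([seg({"alg": "RS256"}), seg(claims), "sig"])


def diagnose_launch(params, tool_conf):
    """List problems with an LTI 1.3 launch request (POST form or query dict).

    Diagnostic only: claims are read WITHOUT verifying the signature.
    """
    problems = [] if params.get("state") else ["missing state"]
    token = params.get("id_token")
    if not token:
        return problems + ["missing id_token"]
    parts = token.split(".")
    if len(parts) != 3:
        return problems + ["id_token is not a three-part JWT"]
    try:
        pad = "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(parts[1] + pad))
    except ValueError:
        return problems + ["id_token payload is not base64url JSON"]
    iss = claims.get("iss") if isinstance(claims, dict) else None
    regs = tool_conf.get(iss) if isinstance(iss, str) else None
    if not regs:
        return problems + ["iss %r has no entry in tool config" % (iss,)]
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    reg = next((r for r in regs if r.get("client_id") in aud), None)
    if reg is None:
        return problems + ["aud %r matches no configured client_id" % (aud,)]
    dep = claims.get(DEPLOYMENT_CLAIM)
    if dep not in reg.get("deployment_ids", []):
        problems.append("deployment_id %r not listed for this client_id" % (dep,))
    return problems
```

In a Flask view the `params` argument could be built from `request.form` merged with `request.args`, logged before the launch is handed to the library.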