Handle the case where the same Canvas Studio OAuth client is reused for multiple installs at the same LMS, and the Canvas Studio admin has authenticated while using a different install than the one being used to launch a Canvas Studio assignment.
Previously admin-authenticated API requests to Canvas Studio used tokens associated with the same application instance as the current LTI user. In this commit that is changed to find a (user, application_instance) combination for a user who has the correct email, belongs to the same LMS, and has authenticated with Canvas Studio. If there are multiple matches, because the admin has authenticated in multiple installs, we pick the most recent.
This solution is something of a workaround for the fact that OAuth tokens in our LMS app do not correspond 1:1 with records in the external LMS. In the external LMS, tokens are keyed by (oauth_client_id, user_id). Our oauth2_token table however is keyed by (application_instance_id, user_id), and it is possible to configure multiple app instances using the same OAuth client ID.
Fixes https://github.com/hypothesis/lms/issues/6356.
Testing:
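The lookup change described in the commit message above, as an added example that is not part of the pull request or the project's code. The record layout, field names (`lms_guid`, `service`, `received_at`) and sample rows are assumptions constructed for illustration; the third row shows why the email match has to stay scoped to the same LMS.

```python
from dataclasses import dataclass
from datetime import datetime

# Hypothetical, simplified token record: field names are assumptions,
# not the project's oauth2_token schema.
@dataclass(frozen=True)
class Token:
    application_instance_id: int  # local key, part 1
    user_id: str                  # local key, part 2
    email: str
    lms_guid: str                 # identifies the LMS the install belongs to
    service: str
    received_at: datetime

# Constructed sample data: one admin, two installs at LMS "lms-A" that share
# an OAuth client, plus an unrelated LMS where the same email also appears.
TOKENS = [
    Token(1, "u-admin-a", "admin@example.edu", "lms-A", "canvas_studio", datetime(2024, 5, 1)),
    Token(2, "u-admin-b", "admin@example.edu", "lms-A", "canvas_studio", datetime(2024, 6, 1)),
    Token(9, "u-admin-x", "admin@example.edu", "lms-B", "canvas_studio", datetime(2024, 7, 1)),
]

def old_lookup(tokens, admin_email, current_instance_id):
    """Previous behaviour: only the launching install's own token is considered."""
    for t in tokens:
        if (t.application_instance_id == current_instance_id
                and t.email == admin_email
                and t.service == "canvas_studio"):
            return t
    return None

def new_lookup(tokens, admin_email, current_lms_guid):
    """New behaviour: any install at the same LMS qualifies; most recent wins."""
    matches = [
        t for t in tokens
        if t.email == admin_email
        and t.lms_guid == current_lms_guid  # never cross into another LMS
        and t.service == "canvas_studio"
    ]
    return max(matches, key=lambda t: t.received_at, default=None)

if __name__ == "__main__":
    # Launch from install 3 at lms-A, where the admin never authenticated.
    print(old_lookup(TOKENS, "admin@example.edu", 3))
    print(new_lookup(TOKENS, "admin@example.edu", "lms-A"))
```
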