microsoftarchive / Learn-LTI

Access the Microsoft Learn (http://docs.microsoft.com/learn) Catalog of Learning Paths and Modules directly from your Learning Management Systems using the Microsoft Learn LTI application
https://microsoft.github.io/Learn-LTI/
MIT License

Problems going through this process #237

Closed brockettc closed 1 year ago

brockettc commented 1 year ago

First error I receive when trying to go to the URL given at the end of the Azure autoconfigure scripts.

'asked for scope 'user_impersonation' that doesn't exist.'

I followed this to fix it (https://robertschouten.com/2019/06/19/user_impersonation-scope-issue-when-working-with-sharepoint-framework-api-permissions/) - whether that's the right or wrong approach.

Next error was no user id_token.

I followed this to fix it (https://stackoverflow.com/questions/49422588/aadsts70005-response-type-id-token-is-not-enabled-for-the-application) - whether that's the right or wrong approach.

The next error that I get and I have yet to find a solution for is... AADSTS500113: No reply address is registered for the application.

What should the reply address be?

Thanks,

Chris

leestott commented 1 year ago

Can I suggest you uninstall the solution and ensure you're running the versions below. Ensure you're running the command from the specific version of the Azure CLI; see https://github.com/microsoft/Learn-LTI/blob/main/docs/TROUBLESHOOTING.md

To begin, you will need:

- Azure CLI (readme about Azure CLI). We currently recommend using Microsoft Azure CLI version 2.27.0. To download the MSI installer for a specific version, change the version segment in the URL https://azcliprod.blob.core.windows.net/msi/**version**.msi and download it. Available versions can be found at Azure CLI release notes.
- DotNet Core SDK (.NET Core 3.1)
- Node.js
- PowerShell
- Git
- An Azure subscription

leestott commented 1 year ago

Please follow:

https://github.com/microsoft/Learn-LTI/blob/main/docs/DEPLOYMENT_GUIDE.md - Deployment Guide

https://github.com/microsoft/Learn-LTI/blob/main/docs/CONFIGURATION_GUIDE.md - Configuration Guide

leestott commented 1 year ago

@brockettc

This should unblock you: MS Learn LTI Missing Permissions

In Azure Portal https://portal.azure.com/

Go to Home / Lab Directory / App registration, then the name of your MS Learn LTI Tool


You need to follow these 4 more steps to ensure the permissions are not a problem

1 We have seen in some cases that the batch file has only added the default permission of User.Read.

But we also need additional permissions; please follow the following steps to add the missing permissions.

Please check the following under the Manage navigation menu of your Application Registration: "Owners", and ensure the email matches the login account - you need to be using this account to log in to first set up the config page.


2 We need to add under "Authentication" the Reply URL with no selection of authorization endpoints. The URL should be the URL of your Azure Function App for the Learn LTI.


3 You need to add the user_impersonation scope under “Expose an API”.


4 You need to modify the "Manifest" and update the “optionalClaims” with the following JSON.

{
    "idToken": [],
    "accessToken": [
        {
            "name": "email",
            "source": null,
            "essential": false,
            "additionalProperties": []
        },
        {
            "name": "family_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        },
        {
            "name": "given_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ],
    "saml2Token": []
}

You can add these steps directly by modifying the Deploy.ps1 script, but you can manually make it work by simply undertaking the edits above.
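
An added example, not part of the thread or the Learn-LTI project: a check of an app registration manifest against steps 2 to 4 above. It assumes the Azure AD manifest format, in which reply URLs appear as `replyUrlsWithType` and exposed scopes as `oauth2Permissions`; the sample manifests and the host name are constructed.

```python
from urllib.parse import urlsplit

# Claims that step 4 lists under optionalClaims.accessToken.
REQUIRED_CLAIMS = {"email", "family_name", "given_name"}

def audit_manifest(manifest, function_app_url):
    """Check steps 2-4 against a parsed manifest; return a list of findings."""
    findings = []
    # Step 2: a reply URL on the Function App host (none at all -> AADSTS500113).
    hosts = {urlsplit(r.get("url", "")).hostname
             for r in manifest.get("replyUrlsWithType") or []}
    hosts.discard(None)
    if not hosts:
        findings.append("no reply URL registered (AADSTS500113)")
    elif urlsplit(function_app_url).hostname not in hosts:
        findings.append("no reply URL points at the Function App host")
    # Step 3: user_impersonation must be exposed as an enabled scope.
    scopes = {p.get("value") for p in manifest.get("oauth2Permissions") or []
              if p.get("isEnabled", True)}
    if "user_impersonation" not in scopes:
        findings.append("scope user_impersonation is not exposed")
    # Step 4: optionalClaims may be null in an untouched manifest.
    claims = (manifest.get("optionalClaims") or {}).get("accessToken") or []
    missing = sorted(REQUIRED_CLAIMS - {c.get("name") for c in claims})
    if missing:
        findings.append("accessToken optional claims missing: " + ", ".join(missing))
    return findings

# Constructed sample manifests; the host name is a placeholder.
APP_URL = "https://learnlti-example.azurewebsites.net"
BROKEN = {"replyUrlsWithType": [], "oauth2Permissions": [], "optionalClaims": None}
FIXED = {
    "replyUrlsWithType": [{"url": APP_URL + "/", "type": "Web"}],
    "oauth2Permissions": [{"value": "user_impersonation", "isEnabled": True}],
    "optionalClaims": {
        "idToken": [],
        "accessToken": [{"name": n, "source": None, "essential": False,
                         "additionalProperties": []}
                        for n in ("email", "family_name", "given_name")],
        "saml2Token": [],
    },
}

if __name__ == "__main__":
    for label, m in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_manifest(m, APP_URL) or "OK")
```

To check a real registration, save the manifest from the portal's "Manifest" blade to a file and pass the result of `json.load` to `audit_manifest`. Step 1 (owners) is not recorded in the manifest and has to be checked separately.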