Closed brockettc closed 1 year ago
Can I suggest you uninstall the solution and ensure you're running the versions below. Ensure you're running the command from the specific version of the Azure CLI; see https://github.com/microsoft/Learn-LTI/blob/main/docs/TROUBLESHOOTING.md
To begin, you will need:
- Azure CLI (readme about Azure CLI). We currently recommend using Microsoft Azure CLI version 2.27.0. To download the MSI installer for a specific version, change the version segment in the URL https://azcliprod.blob.core.windows.net/msi/**version**.msi and download it. Available versions can be found at Azure CLI release notes.
- DotNet Core SDK, .NET Core 3.1
- Node.js
- PowerShell
- Git
- An Azure subscription

Please follow:
- https://github.com/microsoft/Learn-LTI/blob/main/docs/DEPLOYMENT_GUIDE.md - Deployment Guide
- https://github.com/microsoft/Learn-LTI/blob/main/docs/CONFIGURATION_GUIDE.md - Configuration Guide
@brockettc
This should unblock you: MS Learn LTI Missing Permissions
In Azure Portal https://portal.azure.com/
Go to Home / Lab Directory / App registration, then the name of your MS Learn LTI Tool
You need to follow these 4 more steps to ensure the permissions are not a problem
1. We have seen in some cases that the batch file has only added the default permission of User.Read.
But we also need additional permissions; please follow the following steps to add the missing permissions.
Please check the following under the Manage navigation menu of your Application Registration: "Owners", and ensure the email matches the login account. You need to be using this account to log in to first set up the config page.
2. We need to add under "Authentication" the Reply URL with no selection of authorization endpoints. The URL should be the URL of your Azure Function App for the Learn LTI.
3. Need to add the user_impersonation scope under "Expose an API".
4. Need to modify the "Manifest" and update the "optionalClaims" with the following JSON.
{
    "idToken": [],
    "accessToken": [
        {
            "name": "email",
            "source": null,
            "essential": false,
            "additionalProperties": []
        },
        {
            "name": "family_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        },
        {
            "name": "given_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ],
    "saml2Token": []
}
You can add these steps directly by modifying the Deploy.ps1 script, but you can also make it work manually by simply undertaking the edits above.
First error I receive when trying to go to the URL given at the end of the Azure autoconfigure scripts.
'asked for scope 'user_impersonation' that doesn't exist.'
I followed this to fix it (https://robertschouten.com/2019/06/19/user_impersonation-scope-issue-when-working-with-sharepoint-framework-api-permissions/) - whether that's the right or wrong approach.
Next error was no user id_token.
I followed this to fix it (https://stackoverflow.com/questions/49422588/aadsts70005-response-type-id-token-is-not-enabled-for-the-application) - whether that's the right or wrong approach.
The next error that I get and I have yet to find a solution for is... AADSTS500113: No reply address is registered for the application.
What should the reply address be?
Thanks,
Chris