This document represents the research I have done while building this library, with useful links to documentation that may be of use to people working on it.
The Canvas docs describing LTI launches are a lot less dense than the spec. They are useful to get an overview of what the relationship between the services actually needs to be.
The LTI 1.3 spec is available here.
Note that LTI 2.0 is a successor to LTI 1.1 using the same authentication technology determined to be obsolete, whereas LTI 1.3 is a rewrite with new auth technology.
- One or more `client_id` per platform; see Canvas docs for what this practically looks like
- One `deployment_id` per context (context: course/section/unit of instruction)
- Reference LTI 1.3 implementation available for testing uses here
- Full link request
- JWK public key JSON URL
- Authentication redirect URL: we need to validate this is the same as the token gives us
- `client_id`, because we need to validate that it is in the `aud` claim of the JWTs issued by the Platform
http://www.imsglobal.org/spec/security/v1p0/#authentication-response-validation
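The claim checks from that validation section can be sketched as follows. This is an added example, not code from this library: it assumes the `id_token` signature has already been verified against the Platform's JWKs, that RS256 is the registered algorithm, and that `registration` and `seen_nonces` are hypothetical stand-ins for stored tool configuration and a replay cache.

```python
import time

DEPLOYMENT_CLAIM = "https://purl.imsglobal.org/spec/lti/claim/deployment_id"


class LaunchRejected(Exception):
    """Raised when an id_token fails a validation step."""


def validate_launch_claims(header, claims, registration, seen_nonces, now=None):
    """Check header and claims of an id_token whose signature is already verified."""
    now = time.time() if now is None else now
    if header.get("alg") != "RS256":  # assumption: tool registered with RS256
        raise LaunchRejected("unexpected alg")
    if claims.get("iss") != registration["issuer"]:
        raise LaunchRejected("iss does not match the registered platform")
    # aud may be a single string or a list of audiences.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if registration["client_id"] not in audiences:
        raise LaunchRejected("client_id not in aud")
    # With several audiences azp is required; when present it must be our client_id.
    azp = claims.get("azp")
    if len(audiences) > 1 and azp is None:
        raise LaunchRejected("multiple audiences without azp")
    if azp is not None and azp != registration["client_id"]:
        raise LaunchRejected("azp is not our client_id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise LaunchRejected("token expired or exp missing")
    nonce = claims.get("nonce")
    if not isinstance(nonce, str) or not nonce or nonce in seen_nonces:
        raise LaunchRejected("nonce missing or replayed")
    if claims.get(DEPLOYMENT_CLAIM) not in registration["deployment_ids"]:
        raise LaunchRejected("unknown deployment_id")
    seen_nonces.add(nonce)  # record only after every check has passed
    return True


# Constructed sample values, not taken from a real platform.
SAMPLE_REGISTRATION = {"issuer": "https://platform.example",
                       "client_id": "tool-123", "deployment_ids": ["dep-1"]}
SAMPLE_CLAIMS = {"iss": "https://platform.example", "aud": ["tool-123"],
                 "exp": 1_700_000_300, "nonce": "n-1", DEPLOYMENT_CLAIM: "dep-1"}
```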
We also have to provide these things:
http://www.imsglobal.org/spec/lti/v1p3/#additional-login-parameters