Registration
Last updated
Last updated
Copyright © 2024 Instructure, Inc. All rights reserved.
In order to enable an Administrator to install an application in Canvas, a tool can support the automated registration process, built on the Dynamic Registration specification mentioned here. This replaces the manual configuration process previously used to install applications to Canvas.
The automated registration process allows tools to install themselves into Canvas automatically without requiring an Administrator to manually enter configuration values. Tools provide a Canvas administrator with a pre-determined URL, which the user enters into Canvas. Canvas will direct the user to that URL, where the tool can request Canvas' OpenID configuration and provide the user with an installation UI, where they can choose tool-specific settings. The tool then installs itself using a registration token to access the registration REST JSON service. After installing, the user is returned to Canvas to confirm the installation and enable the tool.
The first part of the registration process is the registration initiation request. When an administrator enters the tool's dynamic registration URL, Canvas redirects the user with a GET request by embedding an iframe pointed to that URL with two parameters added, openid_configuration, and registration_token. The openid_configuration parameter contains the URL that the tool can use to retrieve Canvas' OpenID Configuration, and the registration_token parameter is the token used to access that URL.
At the registration initiation url, the tool should show a UI that guides the user through setting up a registration. This can include deployment-specific options for the tool. The tool can also guard this UI with a login, access code, or some other form of authentication, since the dynamic registration URL is meant to be shared publicly.
During registration, the tool can request Canvas' OpenID configuration by sending a GET request to the url included in the openid_configuration redirect url. The tool also needs to include the registration_token in the GET request, as the bearer token in the Authorization http header:
Canvas' Open ID configuration contains details about itself that the tool can use to make decisions. It contains claims supported, message types, placements, variables, and information about the account the administrator is installing the tool into.
A example response looks like:
Canvas includes a URL in the OpenID configuration under the registration_endpoint key which can be used by the tool to create a registration. The tool must send a POST request to this endpoint with the tool's LTI Registration in the body and the registration_token as the bearer token in the Authorization http header.
An example request looks like:
example LTI Registration body:
Upon successful creation, the registration endpoint will respond with the created registration, along with an additional field, client_id:
The tool will use this client_id when requesting tokens and accessing LTI Services.
After the registration is created successfully, the tool should return the user to Canvas by sending a post message to the parent Canvas window:
Canvas will listen for this message and close the iframe, presenting the user with a summary of the registration the tool returned. The administrator will then be able to make some modifications to the registration. It's important to note that these modifications may alter how the tool is finally configured and launched. For example, the tool may request a certain number of scopes, but the administrator could restrict access to certain scopes. The tool should detect this and warn the user if modifications need to be made to the configuration.
© Instructure, Inc. Generated on Wed Nov 6 14:19:59 2024 This documentation is generated directly from the Canvas LMS source code, available on Github.
| Name | Type | Required | Description |
|---|---|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
| Name | Type | Required | Description |
|---|---|---|---|
application_type
"web"
yes
grant_types
["client_credentials", "implicit"]
yes
initiate_login_uri
string
yes
The url that Canvas should use to initiate an LTI launch request
redirect_uris
string
yes
Any urls that the tool can launch to.
response_types
"id_token"
yes
client_name
string
yes
The name of the tool as it will appear to Administrators maintaining the integration
jwks_uri
string
yes
The url of the tool's JSON Web Key Set
token_endpoint_auth_method
"private_key_jwt"
yes
scope
string
yes
A space-separated list of scopes the tool requests access to.
https://purl.imsglobal.org/spec/lti-tool-configuration
yes
none
domain
string
yes
The primary domain used by this tool.
secondary_domains
Array
no
Additional domains used by this tool.
target_link_uri
string
yes
The default launch url if not defined in a message
custom_parameters
JSON object
no
Custom parameters to be included in each launch. Values must be a string
description
string
no
A short description of the tool.
messages
Array<message>
yes
Messages supported by the tool.
claims
Array
yes
An array of claims to be included in each launch token.
https://canvas.instructure.com/lti/privacy_level
"public" | "name_only" | "email_only" | "anonymous"
no
The tool's default privacy level, (determines the PII fields the tool is sent.) defaults to "anonymous"
https://canvas.instructure.com/lti/tool_id
string
no
This is a tool-provided value that can be anything, and tools often use it to correlate themselves across deployments. Same as the tool_id field within the extensions array in the LTI 1.3 manual configuration JSON.
type
"LtiResourceLinkRequest" | "LtiDeepLinkingRequest"
yes
The message type.
target_link_uri
string
no
The URL to launch to.
label
string
no
The user-facing label to show when launching a tool.
icon_uri
string
no
URL to an icon that will be added to the link (only for applicable placements)
custom_parameters
JSON object
no
Custom parameters to be included in each launch. Values must be a string
placements
Array
no
An array of placements to apply to this launch
https://canvas.instructure.com/lti/course_navigation/default_enabled
boolean
no
Only applies if the placement is "course_navigation". If false, the tool will not appear in the course navigation bar, but can still be re-enabled by admins and teachers. Defaults to 'true'. See the "default" setting as discussed in the Navigation Tools docs.
https://canvas.instructure.com/lti/visibility
"admins" | "members" | "public"
no
Determines what users can see a link to launch this message. The "admins" value indicates users that can manage the link can see it, which for the Global Navigation placement means administrators, but in courses means administrators and instructors. The "members" value indicates that any member of the context the link appears in can see the link, and "public" means visible to all.
