ltijs: Grade ScorePublish code 400 bad request with Canvas

I’m having issues posting a grade in Canvas. I’m trying to run the following inside lti.onConnect() callback:

let grade = {
  scoreGiven: 10,
  activityProgress: 'Completed',
  gradingProgress: 'FullyGraded'
}

await lti.Grade.ScorePublish(res.locals.token, grade);

The following is the debug output:

provider:gradeService Target platform: https://canvas.test.instructure.com +0ms
provider:gradeService Attempting to retrieve platform access_token for [https://canvas.test.instructure.com] +3ms
provider:platform Access_token for https://canvas.test.instructure.com not found +0ms
provider:platform Attempting to generate new access_token for https://canvas.test.instructure.com +0ms
provider:auth Awaiting return from the platform +44ms
provider:gradeService Response code 400 (Bad Request) +320ms

error log:

{ level: 'error',
  message:
   'Message: Response code 400 (Bad Request)\nStack: HTTPError: Response code 400 (Bad Request)\n    at EventEmitter.emitter.on (/path-to-test-app/node_modules/got/source/as-promise.js:74:19)\n    at process._tickCallback (internal/process/next_tick.js:68:7)',
  timestamp: '2019-10-14T16:16:14.285Z' }

I can see I don’t have an access token in my database and lti.js is trying to get one from the platform. When I look at the console output of confjwt in Auth.js, it seems like I’m getting the appropriate client ID and endpoint (https://ouruniversity.test.instructure.com/login/oauth2/token) before the jwt sign, so I’m not sure why the request is bad.

Does anyone know what I might be doing wrong or can point me to where I can get more debug information?

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 60 (30 by maintainers)

Most upvoted comments

@Cvmcosta Hi sorry as well its been a while. I think the source of my issues was that i was trying to use a production instance of canvas with https with my localhost that was running http. Once i put up the test server on Heroku i did get the two sides communicating. Unfortunately i didn’t finish working on this as i didn’t have the support of my employer to continue. I can say that i was satisfied this would work but obviously to make sure that both the server and canvas are hosted via https

+1
iceekreeam on Feb 8, 2021

Aaaah, i think i get it. I don’t see how you would be able to do this without altering Ltijs.

You would have to change how Platforms are registered (to use Auth0 instead) and then change how these keys and Platforms are retrieved to get this data from Auth0.

But have in mind that Ltijs already provides all of this functionality, i don’t see a reason to use Auth0. As this person said, LTI doesnt have sign-in, it only uses the Client Credentials grant, and all of this functionality is already implemented.

+1
Cvmcosta on Oct 16, 2020

@Cvmcosta Hi again just to keep the forum updated, i will be testing out your recommendations over the coming days. Once i have an update i will post back to the forum. Thanks again for the help.

+1
iceekreeam on Oct 2, 2020

@Cvmcosta yes, I can launch it, it works as I would expect. I even tried to open it in a new window to avoid any troubles with an iframe. Here is the debug output:

~/ltijs-examples/lti-provider$ DEBUG='provider:*' nodejs index.js 
  provider:main Attempting to connect to database +0ms
(node:239322) DeprecationWarning: current Server Discovery and Monitoring engine is deprecated, and will be removed in a future version. To use the new Server Discover and Monitoring engine, pass option { useUnifiedTopology: true } to the MongoClient constructor.
  provider:database Database connected +0ms
  provider:database Database connection open +1ms
  _   _______ _____       _  _____
 | | |__   __|_   _|     | |/ ____|
 | |    | |    | |       | | (___  
 | |    | |    | |   _   | |\___ \ 
 | |____| |   _| |_ | |__| |____) |
 |______|_|  |_____(_)____/|_____/ 

 LTI Provider is listening on port 56789!

 LTI provider config: 
 >Initiate login URL: /14eed217-2d3c-4975-a381-b69edcb40e0e/port/56789/login
 >App Url: /14eed217-2d3c-4975-a381-b69edcb40e0e/port/56789/start
 >Session Timeout Url: /14eed217-2d3c-4975-a381-b69edcb40e0e/port/56789/sessionTimeout
 >Invalid Token Url: /14eed217-2d3c-4975-a381-b69edcb40e0e/port/56789/invalidToken
-----BEGIN PUBLIC KEY-----
[...]
-----END PUBLIC KEY-----

Deployed!
  provider:main Receiving a login request from: https://moodletest.DOMAIN.com +4s
  provider:main Redirecting to platform authentication endpoint +2ms
  provider:main No cookie found +2s
  provider:main Received request containing token. Sending for validation +0ms
  provider:auth Attempting to retrieve registered platform +0ms
  provider:auth Retrieving key from jwk_set +3ms
  provider:auth Attempting to verify JWT with the given key +185ms
  provider:auth Token signature verified +1ms
  provider:auth Initiating OIDC aditional validation steps +0ms
  provider:auth Validating if aud (Audience) claim matches the value of the tool's clientId given by the platform +0ms
  provider:auth Aud claim: OaHoDdIprwVpaAa +0ms
  provider:auth Checking alg claim. Alg: RS256 +0ms
  provider:auth Checking iat claim to prevent old tokens from being passed. +0ms
  provider:auth Iat claim: 1577793248 +1ms
  provider:auth Current_time: 1577793250.073 +0ms
  provider:auth Time passed: 2.072999954223633 +0ms
  provider:auth Validating nonce +0ms
  provider:auth Nonce: MGD0zs5+OlLaaDZvanzh2g== +0ms
  provider:auth Tool's clientId: OaHoDdIprwVpaAa +0ms
  provider:auth Storing nonce +2ms
  provider:auth Successfully validated token! +0ms
  provider:main Passing request to next handler +213ms
  provider:main Setting up path cookie for this resource with path: /14eed217-2d3c-4975-a381-b69edcb40e0e/port/56789/main +2ms
  provider:auth Cookie found +425ms
  provider:main Passing request to next handler +417ms
  provider:auth Cookie found +2s
  provider:main Passing request to next handler +2s
  provider:gradeService Target platform: https://moodletest.DOMAIN.com +0ms
  provider:gradeService Attempting to retrieve platform access_token for [https://moodletest.DOMAIN.com] +2ms
  provider:platform Access_token found +0ms
  provider:gradeService Access_token retrieved for [https://moodletest.DOMAIN.com] +2ms
  provider:gradeService Response code 401 (Unauthorized) +200ms

I copied the public key and here is a screenshot of these extra settings in moodle

Screenshot from 2019-12-31 13-00-20

+1
haraldschilly on Dec 31, 2019

@Cvmcosta Yes man, that will be great if you have an endpoint to provide the keys. Thanks man and great work

+1
MahmoudAbdo90 on Dec 30, 2019
Read more comments on GitHub
← ltijs: DeepLinking not working (LMS hangs when receiving back the deep link response from ltijs)
ltijs: Invalid session cookies on prod environment →