Discourse Learning Management System Integration (LTI 1.3 Authentication)

Plugin
,
1
:discourse2: Summary Discourse LTI allows Discourse to integrate with a number of learning management systems via the LTI 1.3 standard.
:hammer_and_wrench: Repository Link https://github.com/discourse/discourse-lti
:open_book: Install Guide How to install plugins in Discourse

This plugin implements the LTI 1.3 standard for authentication, which is supported by a number of learning management systems. Discourse acts as a “Tool” within the LTI standard. Once configured, users will be able to click a button/link on the learning management system, and instantly be logged into Discourse.

Precise setup instructions will vary based on your Learning Management System. But in general:

  1. Create a new “Tool” entry in your learning management system
  • LTI Version: 1.3
  • Launch URL: any URL on your site. Users will be directed here after login
  • Auth Request URL: https://<your-discourse-site>/auth/lti/initiate
  • Redirect URL: https://<your-discourse-site>/auth/lti/callback
  • Tool Public Key - leave blank. Discourse never sends data to the LMS

  1. In your LMS, find the 'Authorization endpoint", “Tool Client ID”, “Platform Issuer ID”, and the “Platform Public Key”, and add them to the relevant site settings in Discourse. In Discourse, the settings can be found by searching for lti in the Discourse site settings UI.

  2. If your learning management system guarantees User emails have been validated, enable the lti email verified site setting. :warning: Warning: If your LMS does not verify emails, enabling lti email verified is a security risk.

  3. Turn on the lti enabled site setting

If these instructions don’t make sense for your LMS, please post in the topic below and we’ll do our best to update the instructions accordingly.

What if my site is invite_required?

If you want your users to go through the Discourse invite redemption flow when they first log in, you can use LTI “Custom Properties” to specify a Discourse invite link. New users will be directed to the invite, while existing users will be sent to the regular launch URL. For example:

Property Name Property Value
discourse_invite_link https://discourse.example.com/invites/abcdefg
21 Likes
15

Do you have specific instructions for integrating the LTI integration with Canvas LMS?

16

You’ll need your admins to be the ones to do the integration

17

I am one of our admins and also a software engineer. I think the issue I am having has to do with cookies and the “state” between discourse and Canvas not matching.

This is the error I am getting in Discourse logs

(lti) Authentication failure! state_mismatch: StandardError, State parameter did not match the session

I think that error is getting thrown from here: discourse-lti/lib/discourse_lti/lti_omniauth_strategy.rb at main · discourse/discourse-lti · GitHub

Any ideas or things i can look into to help debug this? On this page in the Canvas Docs: Overview of an LTI Launch <a name="launch-overview"></a> - Canvas LMS REST API Documentation

There is a Launching without Cookies section that I think is relevant here. But I am not 100% sure. Any help or insights would be greatly appreciated.