Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Selfhosted Canvas reports "Invalid redirect_uri"

See original GitHub issue

I can register my tool with Moodle, but if I try to register it with my self hosted canvas I get the following error message:

while(1);{"status":"bad_request","message":"Invalid redirect_uri","error_report_id":46}

The target link URL has been added to the Canvas developer key.

The debug log shows the request from canvas.instructure.com, but nothing else.

  provider:main Receiving a login request from: https://canvas.instructure.com +0ms
  provider:main Redirecting to platform authentication endpoint +4ms
  provider:main Target Link URI:  https://xxxxxxxxxxxxxxx/lti +0ms
  provider:main Login request:  +0ms
  provider:main {
  provider:main   response_type: 'id_token',
  provider:main   response_mode: 'form_post',
  provider:main   id_token_signed_response_alg: 'RS256',
  provider:main   scope: 'openid',
  provider:main   client_id: '10000000000002',
  provider:main   redirect_uri: 'https://xxxxxxxxxxxx/lti',
  provider:main   login_hint: '4c2e10446e824efddda2694fdecbf06345d6bdf7',
  provider:main   nonce: 't461ex83bxmwj4xe07b5672dc',
  provider:main   prompt: 'none',
  provider:main   state: 'ca959744d3d3944fe83ac4917cae968eb9e88ba06904213037',
  provider:main   lti_message_hint: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6IjkyMDBhNDRmZWVlNmUzYTNjOTZhY2UzMzViZmMxM2QxNzZkMjljZWZmNDhmNjU4YjBkM2JiNDM0ODZlNThkNWJmNjIwZWIyNjczYzYxMDNmZjUzNDllYTRmZGEwZDQ5NmE2NTU2NTkxMjA5ZDg0OGEyZDZmNjU4ODM5NWRkYzI5IiwiY2FudmFzX2RvbWFpbiI6ImNhbnZhcy5nZ25vLm1lIiwiY29udGV4dF90eXBlIjoiQWNjb3VudCIsImNvbnRleHRfaWQiOjEwMDAwMDAwMDAwMDAyLCJleHAiOjE2MDc5NjEzMTZ9.0K6gOrYUFn5tCwI6FLZ_T1dVPKPWsjyw7PSdTZN_jtM'
  provider:main } +0ms```

Issue Analytics

State:
Created 3 years ago
Comments:10 (5 by maintainers)

Top GitHub Comments

1reaction

GTMtremolocommented, Dec 29, 2020

Hi @Cvmcosta, I have fixed this by turn on Redis cache. Thank you for your support

0reactions

GTMtremolocommented, Dec 28, 2020

I install it from source.

This is dynamic_settings.yml file

production: #tree config: #service canvas: # environment canvas: encryption-secret: “astringthatisactually32byteslong” signing-secret: “astringthatisactually32byteslong” datadog-rum: application_id: “27627d1e-8a4f-4645-b390-bb396fc83c81” client_token: “a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r” sample_rate_percentage: 0.0 # Between 0.0 and 100.0; 0.0 disables the feature. live-events: aws_endpoint: http://kinesis.canvaslms.docker kinesis_stream_name: live-events live-events-subscription-service: app-host: “http://les.docker” sad-panda: null math-man: base_url: ‘http://mathman.docker’ use_for_svg: ‘false’ use_for_mml: ‘false’ rich-content-service: app-host: “rce.docker” common_cartridge_viewer: base_url: “http://localhost:3300” fullstory: sampling_rate: ‘0.0’ # randomly inject this fraction of the time app_key: ‘xyzzy’ # another service inst-fs: app-host: “http://api.instfs.docker” # this is just “super-sekret-value”, base64-encoded: secret: “c3VwZXItc2VrcmV0LXZhbHVlCg==” pandata: ios-pandata-key: IOS_pandata_key ios-pandata-secret: teamrocketblastoffatthespeedoflight android-pandata-key: ANDROID_pandata_key android-pandata-secret: surrendernoworpreparetofight

private: canvas: auditors.yml: | write_paths: - active_record read_path: active_record # datadog_apm.yml: | # sample_rate: 0.0 # host_sample_rate: 0.0 # use a unique subdomain per attachment, so that browsers will enforce security # permissions (such as microphone/camera access) per-file. You must have wildcard # DNS set up for this to work. # attachment_specific_file_domain: true # ha_cache.yml: | # cache_store: ha_store # servers: # - redis://localhost/2 # # keep stale data for up to 1 week in the cache # race_condition_ttl: 604800 # # how long it might take to recompute a cache value # # before the lock times out and another process is # # allowed to write it # lock_timeout: 5 # # how long before a cache entry is considered stale # expires_in: 300 # # when deleting from the cache, trigger a consul event # # you can use the example script/consume_consul_events # # to delete from local nodes, but may need to tweak # # slightly if your config doesn’t match # consul_event: “canvas/dev/invalidate_ha_cache” # # if configured, trigger the event in multiple Consul # # datacenters, rather than just the local one # # if you use this you SHOULD still list the local # # dc; it won’t be added for you # consul_datacenters: # - dc1 # - dc2 # clone_url_strand.yml: | # lti1.instructure.com: lti1 # lti2.instructure.com: lti2 # csp_logging.yml: | # host: https://csplogging.inscloudgate.net/ # shared_secret: s00p3r_s3cr3t store: canvas: lti-keys: # these are all the same JWK but with different kid # to generate a new key, run the following in a Canvas console: # # key = OpenSSL::PKey::RSA.generate(2048) # key.public_key.to_jwk(kid: Time.now.utc.iso8601).to_json jwk-past.json: “{"kty":"RSA","e":"AQAB","n":"uX1MpfEMQCBUMcj0sBYI-iFaG5Nodp3C6OlN8uY60fa5zSBd83-iIL3n_qzZ8VCluuTLfB7rrV_tiX727XIEqQ","kid":"2018-05-18T22:33:20Z","d":"pYwR64x-LYFtA13iHIIeEvfPTws50ZutyGfpHN-kIZz3k-xVpun2Hgu0hVKZMxcZJ9DkG8UZPqD-zTDbCmCyLQ","p":"6OQ2bi_oY5fE9KfQOcxkmNhxDnIKObKb6TVYqOOz2JM","q":"y-UBef95njOrqMAxJH1QPds3ltYWr8QgGgccmcATH1M","dp":"Ol_xkL7rZgNFt_lURRiJYpJmDDPjgkDVuafIeFTS4Ic","dq":"RtzDY5wXr5TzrwWEztLCpYzfyAuF_PZj1cfs976apsM","qi":"XA5wnwIrwe5MwXpaBijZsGhKJoypZProt47aVCtWtPE"}” jwk-present.json: “{"kty":"RSA","e":"AQAB","n":"uX1MpfEMQCBUMcj0sBYI-iFaG5Nodp3C6OlN8uY60fa5zSBd83-iIL3n_qzZ8VCluuTLfB7rrV_tiX727XIEqQ","kid":"2018-06-18T22:33:20Z","d":"pYwR64x-LYFtA13iHIIeEvfPTws50ZutyGfpHN-kIZz3k-xVpun2Hgu0hVKZMxcZJ9DkG8UZPqD-zTDbCmCyLQ","p":"6OQ2bi_oY5fE9KfQOcxkmNhxDnIKObKb6TVYqOOz2JM","q":"y-UBef95njOrqMAxJH1QPds3ltYWr8QgGgccmcATH1M","dp":"Ol_xkL7rZgNFt_lURRiJYpJmDDPjgkDVuafIeFTS4Ic","dq":"RtzDY5wXr5TzrwWEztLCpYzfyAuF_PZj1cfs976apsM","qi":"XA5wnwIrwe5MwXpaBijZsGhKJoypZProt47aVCtWtPE"}” jwk-future.json: “{"kty":"RSA","e":"AQAB","n":"uX1MpfEMQCBUMcj0sBYI-iFaG5Nodp3C6OlN8uY60fa5zSBd83-iIL3n_qzZ8VCluuTLfB7rrV_tiX727XIEqQ","kid":"2018-07-18T22:33:20Z","d":"pYwR64x-LYFtA13iHIIeEvfPTws50ZutyGfpHN-kIZz3k-xVpun2Hgu0hVKZMxcZJ9DkG8UZPqD-zTDbCmCyLQ","p":"6OQ2bi_oY5fE9KfQOcxkmNhxDnIKObKb6TVYqOOz2JM","q":"y-UBef95njOrqMAxJH1QPds3ltYWr8QgGgccmcATH1M","dp":"Ol_xkL7rZgNFt_lURRiJYpJmDDPjgkDVuafIeFTS4Ic","dq":"RtzDY5wXr5TzrwWEztLCpYzfyAuF_PZj1cfs976apsM","qi":"XA5wnwIrwe5MwXpaBijZsGhKJoypZProt47aVCtWtPE"}”

Top Results From Across the Web

Troubleshooting: Redirect_uri does not match client settings

This issue typically applies to self-hosted instances of Canvas. Solution: If creating a developer key does not resolve the issue, then our support...

Platform settings for self-hosted Canvas · Issue #58 - GitHub

Hi, I installed Canvas and self-hosting it on our own server. I am confused about the platform settings for this type of setup....

facebook - "message": "Invalid redirect_uri:" - Stack Overflow

This error is almost always when you're trying to redirect the user to a URL other than your app or website, check that...

Visit homepage BASE_URL; Click on “Login to Squidex” button; Displays the popup with Operation failed Invalid redirect_uri message ...

Upgrading Self hosted Canvas LMS to latest version

Hello everyone! What is the correct way to upgrade a self-hosted Canvas LMS to the latest version? We've tried to follow Upgrading ·...