How to set up LTI 1.3 authentication for Jupyterhub

We want to upgrade our integration of Jupyterhub into our LMS at our university from LTI 1.1 to 1.3. Currently, I am trying to set up ltiauthenticator.lti13.auth.LTI13Authenticator (1.3.0) to work with the saltire LTI platform simulator to exclude any issues coming from the LMS we are using and to have easier debugging.

The relevant helm config (z2jh 1.2.0) looks currently like this:

      authenticator_class: ltiauthenticator.lti13.auth.LTI13Authenticator
      username_key:  "lms_user_id"
      authorize_url: ""
      client_id: ""
      endpoint: "https://<MYHUB.COM>/hub/oauth_callback"
      token_url: "<SOME_HASH>"
    # full path to the RSA private key in PEM format, required by LTI13JWKSHandler.

while on the platform side, I am required to provide:

  • Initiate login URL: https://<MYHUB.COM>/hub/oauth_login
  • Redirection URI(s): [https://<MYHUB.COM>/hub/oauth_callback,]
  • Public keyset URL: https://<MYHUB.COM>/hub/lti13/jwks

Those information are extracted from the /hub/lti13/config endpoint response which may be used by LMS to extract the configuration of a tool.

My problem is that the LTI13Authenticator seems to register only the /hub/lti13/config endpoint. All the other, i.e. /hub/oauth_login, /hub/oauth_callback, /hub/lti13/jwks respond in a 404 : Not found. This also seems to make sense, since the Authenticator overrides the get_handlers method of it’s superclass and thereby preventing the mentioned routes to be set.

So either my understanding of how the authentication is suppose to work is totally wrong, or LTI13Authenticator is fundamentally broken. Any help is very much appreciated.

(@consideRatio @yuvipanda ping)