Product
Announcing Precomputed Reachability Analysis in Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
By Martin Torp - Jul 30, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
caccl-canvas-partial-simulator
Advanced tools
caccl-canvas-partial-simulator
Partially simulates a Canvas instance, handling OAuth token exchanges and forwarding API requests
caccl-canvas-partial-simulator
Partially simulates a Canvas instance, handling OAuth token exchanges and forwarding API requests.
As an LTI app developer, you want to be able to test your app, simulating the process of launching your app and running through the oauth2 handshake to approve your Canvas app and get a Canvas access token on behalf of the user. In many settings, Canvas is managed by central IT and is surrounded by protocol and policy. This often makes it slow or difficult to add test apps to the list of approved Canvas integrations. Usually, you'll need to get every single development instance of your app approved to interact with Canvas. Finally, when developing on localhost, for your app to go through the oauth2 handshake, Canvas would need to have localhost set as an approved integration. This is obviously a terrible idea.
To remedy this situation, we've created this partial Canvas simulator. It simulates the login/oauth2/token and login/oauth2/auth endpoints and makes it easy to simulate LTI course navigation launches. For all other Canvas requests (API, for example), we just forward those requests to your actual Canvas instance. In this way, you can test your LTI app on a real Canvas instance, without needing credentials and approval for your app.
All you need to get started is an accessToken (that will be returned from the oauth2 handshake) and a real canvasHost (the real Canvas instance we will forward non-oauth requests to).
Setup:
- Initialize this Canvas simulation:
const initCanvasSimulation = require('canvas-partial-simulator');
initCanvasSimulation({
accessToken: /* real access token for a user in Canvas */,
canvasHost: /* the hostname for the real Canvas instance */,
launchURL: /* optional launch URL of the app, defaults to localhost/launch */,
});
-
Set your app's client id to
client_idand its client secret toclient_secret. These are your app's developerCredentials, not installationCredentials. -
Set your app's consumer key to
consumer_keyand its consumer secret toconsumer_secret. These are your app's installationCredentials. -
Set your app's canvasHost to
localhost:8088.
Usage:
Simulated LTI launches
To simulate an LTI launch, visit: https://localhost:8088/course/:courseid.
FAQs
Partially simulates a Canvas instance, handling OAuth token exchanges and forwarding API requests
The npm package caccl-canvas-partial-simulator receives a total of 398 weekly downloads. As such, caccl-canvas-partial-simulator popularity was classified as not popular.
We found that caccl-canvas-partial-simulator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 29 Aug 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Protects the Chrome Extension Ecosystem
Socket is launching experimental protection for Chrome extensions, scanning for malware and risky permissions to prevent silent supply chain attacks.
By Mix Irving, Alexandros Kapravelos, Eli Insua - Jul 30, 2025
Product
Introducing Socket MCP for Claude Desktop
Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.
By Alexandros Kapravelos - Jul 29, 2025