Java Backend Engineer – Canvas LMS LTI 1.3 Integration

We are a lean, high-performance Higher Ed SaaS company looking to hire an expert Java backend developer to build a clean, secure, and production-ready LTI 1.3 / LTI Advantage core integration for our platform. Our target platform is Canvas LMS. However, because we prioritize architectural independence and IP protection, you will build this strictly using the open 1EdTech (IMS Global) LTI 1.3 specification using an existing production-grade Java library—NOT custom raw cryptography and NOT the academic IMS Reference Implementation. The successful completion of this project will hide our internal application logic entirely behind a secure iFrame/wrapper window, allowing third-party universities to seamlessly deploy our SaaS inside their Canvas instances via custom Developer Keys. 🎯 Project Scope 1. Framework & Library Setup: Integrate a reliable Java LTI 1.3 library ecosystem into our existing codebase (e.g., Spring Security LTI architecture or 1EdTech Java LTI core libraries). 2. Endpoint Implementation: Develop and expose exactly five secure REST controllers/endpoints: o OIDC Login Initiation Endpoint: Handle the initial handshake redirect from Canvas. o LTI Launch Endpoint: Receive, parse, and securely validate the RS256 JWT from Canvas, establishing a secure user session mapped to the incoming role claims (Instructor vs. Learner). o JWKS Endpoint (/jwks): Expose our public JSON Web Key Sets for Canvas to verify signatures. o Deep Linking Return Endpoint: Enable instructors to seamlessly choose assignments/modules within our tool and pass structured JSON payloads back to Canvas. o Assignment & Grade Services (AGS) Client (Optional): Formulate a secure Java HTTP client to POST scores back to Canvas gradebooks. 3. Key Management: Configure secure generation and automatic hosting of RSA public/private key pairs. 💰 Budget, Timeline, & Payment Structure • Contract Type: Fixed-Price, Single Lump-Sum. • Total Project Budget: $1,500 • Target Timeline: 1 to 2 weeks. • Payment Terms: Payment will be held in Upwork escrow and released as a single 100% lump-sum payment only upon absolute completion and validation of all deliverables. 🛠️ Required Qualifications • Senior-level Java developer with extensive experience in Spring Boot / Spring Security or equivalent enterprise Java stacks. • Deep, proven experience implementing OAuth2, OpenID Connect (OIDC), JWTs, and JWKS architectures. • Previous hands-on experience building LTI 1.3 / LTI Advantage integrations for Higher Ed platforms (Canvas, Blackboard, Moodle, or Brightspace). Mandatory Requirement. • Ability to push progress to our private repository at least twice a week during development. 🏁 Definition of Done (Strict Criteria for 100% Full Payment) The single $1,500 lump-sum payment will be released immediately when the following three criteria are met: 1. Functional Completeness: All 5 core endpoints are fully functional in our staging environment, allowing seamless OIDC routing, secure role mapping, and Deep Linking. 2. Automated Validation Pass: The final code compiles without errors, has zero hardcoded keys, and successfully passes all test cycles in the official 1EdTech Conformance Certification Suite (verifying token integrity, signatures, and state parameters). 3. Handoff Documentation: Delivery of a clean, 1-page integration metadata guide detailing our backend endpoints, scopes, and setup instructions so our internal team can present it to university IT administrators. 📋 Screening Questions (Must Be Answered to Apply) 1. LTI Verification: Link us to a GitHub repo or explain a project where you have implemented an LTI 1.3 integration in Java. What specific library did you use? 2. The Handshake Protocol: In an LTI 1.3 launch, why is the OIDC login initiation step required before the actual LTI launch POST payload arrives? What specific attack vector does this protect against? 3. Weekly Progress: Are you comfortable pushing code to our staging repository at least twice a week so we can monitor development velocity? 4. Payment Terms Agreement: Do you explicitly agree to the single $1,500 lump-sum payout structure contingent upon passing the 1EdTech Conformance test suite?