"Ltiaas mode" Documentation Clarification?

[scalebig]

Describe the bug We just need clarification on Ltiaas mode. Safari on iOS by default locks down third party cookies. It causes a bunch grief for our Canvas users using iPads (coming in from many different universities)

Our system has the following settings for prod:

          cookies:
            secure: true
            sameSite: None
          devMode: false               

However if we set Ltiaas to true will that eliminate the need for the cookies? Seems like that should be the default if its using ltik as the key for the store. Asking another way, whats the cookie use case vs no cookies?

Thanks in advance!

[Cvmcosta]

Hello @scalebig ltiaas mode is just to remove the cookie check when accessing routes created using ltijs. It does not affect the cookie used as part of the LTI launch handshake, the state cookie. The only way to disable the state cookie validation is by setting devMode to true, this, however, will make your ltijs server not fully compliant to the LTI spec.