Skip to main content
Glama

Canvas MCP Server

A proper MCP (Model Context Protocol) server that connects Canvas LMS to AI assistants like Claude Desktop.

Features

  • Proper MCP Protocol: Implements Streamable HTTP transport with JSON-RPC

  • Personal Access Token Auth: Students set up in 2 minutes (no admin access needed)

  • Multi-Institution Support: Works with any Canvas instance

  • Encrypted Storage: Canvas tokens encrypted at rest with AES-256-GCM

  • Session Persistence: Sessions survive server restarts (stored in SQLite)

  • Built with Bun: Fast, modern TypeScript using @modelcontextprotocol/sdk

Quick Start

# Install dependencies bun install # Generate encryption key bun run generate-key # Copy and configure environment cp .env.example .env # Add the generated encryption key to .env # Run development server bun dev

Visit http://localhost:3000 to connect your Canvas account.

How It Works

  1. Web Interface: Students enter Canvas domain + Personal Access Token

  2. Verification: Server validates token by calling Canvas API

  3. Token Storage: Canvas token encrypted and stored server-side

  4. MCP Token: User receives an MCP connection token for their AI client

  5. MCP Protocol: AI client connects to /mcp endpoint with Bearer token

  6. Canvas Proxy: Server proxies tool calls to Canvas using stored token

MCP Tools

  • list_courses: List Canvas courses with enrollment filtering

  • search_assignments: Search assignments across courses

  • get_assignment: Get detailed assignment information

Client Configuration

After connecting your Canvas account, add this to Claude Desktop config:

{ "mcpServers": { "canvas": { "url": "https://canvas.dunkirk.sh/mcp", "headers": { "Authorization": "Bearer YOUR_MCP_TOKEN_HERE" } } } }

Architecture

  • MCP Server: @modelcontextprotocol/sdk with Streamable HTTP transport

  • Web Dashboard: Bun.serve with HTML/CSS/JS (no frameworks)

  • Database: SQLite with encrypted Canvas tokens and persistent sessions

  • Transport: JSON-RPC over HTTP POST at /mcp endpoint

Security

  • Canvas tokens encrypted with AES-256-GCM before storage

  • MCP tokens hashed with Argon2id (cannot be retrieved after creation)

  • Sessions stored in database (survive restarts)

  • HTTPS enforced in production

  • No Canvas tokens exposed to MCP clients

Deployment

Deployed at: https://canvas.dunkirk.sh

The canonical repo is hosted on tangled at knot.dunkirk.sh/canvas-mcp

-
security - not tested
F
license - not found
-
quality - not tested

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/taciturnaxolotl/canvas-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server