Back to Browse
Free
Server data from the Official MCP Registry
Canvas LMS (Instructure) for Claude — courses, grades, assignments, planner, files
About
Canvas LMS (Instructure) for Claude — courses, grades, assignments, planner, files
Security Report
10.0
Low Risk10.0Low RiskValid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry. Trust signals: trusted author (5/5 approved).
5 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
Canvas instance base URL, e.g. https://cms.instructure.com
Environment variable: CANVAS_BASE_URL
Canvas personal access token (pick ONE auth mode: this, USERNAME+PASSWORD, COOKIE, or OAuth triple)Required
Environment variable: CANVAS_TOKEN
Canvas login username/email — pair with CANVAS_PASSWORD for auto-login (no SSO/2FA)
Environment variable: CANVAS_USERNAME
Canvas password for auto-login — required iff CANVAS_USERNAME is setRequired
Environment variable: CANVAS_PASSWORD
Pre-minted Canvas session cookie jar (from canvas-parent-mcp-login or qr-login CLI)Required
Environment variable: CANVAS_COOKIE
Canvas OAuth client ID (required if not using CANVAS_TOKEN)
Environment variable: CANVAS_CLIENT_ID
Canvas OAuth client secret (required if not using CANVAS_TOKEN)Required
Environment variable: CANVAS_CLIENT_SECRET
Canvas OAuth refresh token (required if not using CANVAS_TOKEN)Required
Environment variable: CANVAS_REFRESH_TOKEN
Friendly name for the Canvas instance (defaults to the host portion of the base URL)
Environment variable: CANVAS_NAME
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-chrischall-canvas-parent-mcp": {
"env": {
"CANVAS_NAME": "your-canvas-name-here",
"CANVAS_TOKEN": "your-canvas-token-here",
"CANVAS_COOKIE": "your-canvas-cookie-here",
"CANVAS_BASE_URL": "your-canvas-base-url-here",
"CANVAS_PASSWORD": "your-canvas-password-here",
"CANVAS_USERNAME": "your-canvas-username-here",
"CANVAS_CLIENT_ID": "your-canvas-client-id-here",
"CANVAS_CLIENT_SECRET": "your-canvas-client-secret-here",
"CANVAS_REFRESH_TOKEN": "your-canvas-refresh-token-here"
},
"args": [
"-y",
"canvas-parent-mcp"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
canvas-parent-mcp
MCP server for Canvas LMS (Instructure), scoped for parent observers and student self-access. Targets https://cms.instructure.com by default but works against any Canvas instance.
Mirrors the read-only parent-portal scope of sibling infinitecampus-mcp. Users interact via the canvas_* tool prefix.
Tools
18 tools across profile, observees, courses, assignments, submissions, grades, calendar, planner, announcements, conversations, discussions, and files.
| Domain | Tools |
|---|---|
| Profile | canvas_get_profile |
| Observees | canvas_list_observees |
| Courses | canvas_list_courses, canvas_get_course |
| Assignments | canvas_list_assignments, canvas_list_missing_submissions |
| Submissions | canvas_get_submission, canvas_list_recent_submissions (default 14d window) |
| Grades | canvas_list_enrollments |
| Calendar | canvas_list_calendar_events, canvas_list_upcoming_events |
| Planner | canvas_list_planner_items |
| Announcements | canvas_list_announcements |
| Conversations | canvas_list_conversations, canvas_get_conversation |
| Discussions | canvas_list_discussion_topics |
| Files | canvas_list_course_files, canvas_download_file |
Tools that the harness will gate as write/IO operations: canvas_download_file.
Configuration
Set the base URL plus one auth mode:
Personal access token (recommended):
CANVAS_BASE_URL=https://cms.instructure.com
CANVAS_TOKEN=your-personal-access-token
CANVAS_NAME=cms # optional, defaults to host portion of base URL
Username/password (auto-login + auto-renew, simplest when tokens are disabled):
CANVAS_BASE_URL=https://cms.instructure.com
CANVAS_USERNAME=me@example.com
CANVAS_PASSWORD=your-canvas-password
The MCP logs in lazily on the first request and silently re-mints cookies on 401, so you never have to re-bootstrap. Direct Canvas accounts only — won't work with SAML/Google/Microsoft SSO or 2FA. Treat .env like a password file: do not commit it.
Session cookie (precomputed, no auto-renewal):
CANVAS_BASE_URL=https://cms.instructure.com
CANVAS_COOKIE=canvas_session=...; pseudonym_credentials=...; ...
OAuth (advanced):
CANVAS_BASE_URL=https://cms.instructure.com
CANVAS_CLIENT_ID=...
CANVAS_CLIENT_SECRET=...
CANVAS_REFRESH_TOKEN=...
Precedence when multiple are set: CANVAS_TOKEN > session env vars (CANVAS_USERNAME+CANVAS_PASSWORD and/or CANVAS_COOKIE) > OAuth. If both CANVAS_COOKIE and username/password are set, the cookie is used initially and username/password is the fallback for re-minting on 401.
See .env.example.
Bootstrapping cookie auth via username/password
When your Canvas admin has disabled personal-access-token creation entirely, the bundled canvas-parent-mcp-login CLI logs in via the same /login/canvas form your browser uses and prints a CANVAS_COOKIE env var:
canvas-parent-mcp-login -b https://cms.instructure.com -u me@example.com >> .env
# Password: ****** (TTY prompt with no echo)
Or piped (no TTY prompt):
canvas-parent-mcp-login -b https://cms.instructure.com -u me@example.com <<< "$PW" >> .env
The "remember me" cookie (pseudonym_credentials) is good for ~2 weeks; re-run the CLI when API calls start returning 401s. Limitations: only works for direct Canvas accounts — institutions using SAML/Google/Microsoft SSO or 2FA cannot use this flow, and the CLI exits with a clear error if it detects an SSO redirect or a missing pseudonym_credentials cookie. Treat the resulting CANVAS_COOKIE value like a password.
Bootstrapping OAuth via the mobile QR code
If your Canvas admin has disabled personal-access-token creation (some institutions restrict tokens to "the mobile app only"), you can mint OAuth credentials by going through the same QR-login flow that the official Canvas mobile apps use:
-
In Canvas web, open Account → QR for Mobile Login — Canvas shows a QR that's valid for 10 minutes.
-
Decode the QR with any QR reader. The result is a URL on
sso.canvaslms.comlikehttps://sso.canvaslms.com/canvas/login?domain=...&code=.... -
Run the bundled helper:
npx canvas-parent-mcp-qr-login "<decoded-qr-url>" >> .envIt hits Canvas's public
mobile_verify.jsonendpoint to fetch the mobile client_id/client_secret, exchanges the QR's one-time code for an access+refresh token pair, and printsCANVAS_BASE_URL/CANVAS_CLIENT_ID/CANVAS_CLIENT_SECRET/CANVAS_REFRESH_TOKENto stdout. The refresh token is sensitive — treat it like a password.
This reuses the same SSO + OAuth endpoints the official Canvas Student/Parent apps use; from Canvas's perspective the resulting session looks like a mobile-app session. Use it only against accounts you legitimately control.
Status
Unofficial — not affiliated with Instructure. AI-maintained.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
425
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
59
Installs
10.0
Security
5.0
Local