Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53046

External Tool should prefer site-wide configured key/secret

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Create LTI site wide profile
      2. Go to course and add External Tool
      3. Enter in information (matching URL as configured in site wide profile
      4. Also add some text for secret/key
      5. Verify that the External Tool works despite having a key/secret set at the Tool level.
      Show
      Create LTI site wide profile Go to course and add External Tool Enter in information (matching URL as configured in site wide profile Also add some text for secret/key Verify that the External Tool works despite having a key/secret set at the Tool level.
    • Affected Branches:
      MOODLE_30_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-53046-master

      Description

      According to the LTI spec (http://www.imsglobal.org/specs/ltiv1p2/implementation-guide):

      Basic launches can happen from the TC with any combination of TC-wide and link-level credentials including one or the other, both, or neither being present. When both are present the launch uses the TC-wide secret to sign the request.

      But in Moodle, if you configure a tool at the Site Level and then when an instructor adds an External Tool and mistakenly enters in something for the key/secret, Moodle uses the link-level credentials, instead of the site-wide one.

      This was a problem on our instance, because the password manager that the instructor was using was automatically populating the secret field with the user's Moodle password, because the password manager thought it was a password field.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: