Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53046

External Tool should prefer site-wide configured key/secret

XMLWordPrintable

    • MOODLE_30_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE
    • MDL-53046-master
    • Hide
      1. Create LTI site wide profile
      2. Go to course and add External Tool
      3. Enter in information (matching URL as configured in site wide profile
      4. Also add some text for secret/key
      5. Verify that the External Tool works despite having a key/secret set at the Tool level.
      Show
      Create LTI site wide profile Go to course and add External Tool Enter in information (matching URL as configured in site wide profile Also add some text for secret/key Verify that the External Tool works despite having a key/secret set at the Tool level.

      According to the LTI spec (http://www.imsglobal.org/specs/ltiv1p2/implementation-guide):

      Basic launches can happen from the TC with any combination of TC-wide and link-level credentials including one or the other, both, or neither being present. When both are present the launch uses the TC-wide secret to sign the request.

      But in Moodle, if you configure a tool at the Site Level and then when an instructor adds an External Tool and mistakenly enters in something for the key/secret, Moodle uses the link-level credentials, instead of the site-wide one.

      This was a problem on our instance, because the password manager that the instructor was using was automatically populating the secret field with the user's Moodle password, because the password manager thought it was a password field.

            Unassigned Unassigned
            rex Rex Lorenzo
            Andrew Lyons Andrew Lyons
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.