-
Sub-task
-
Resolution: Fixed
-
Minor
-
None
-
3.2
-
MOODLE_32_STABLE
-
MDL-55753-master -
In moodle we don't want any consumer to be able to access any tool. Instead we want only the specific tool shared to be allowed.
In the LTI library, it only verifies the consumer and secret. We need to verify that the correct tool is being accessed.
Possible solution: extend the Consumer class and add a enrol instance id to each consumer. (Add it to the DB too). Then verify on launch that it's the correct launch path for the consumer's corresponding enrolment instance.
- has to be done after
-
MDL-55752 enrol_lti: Don't use token in launch requests
-
- Closed
-