Details
- Type: Improvement
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 3.7.2
- Fix Version/s: 3.9
- Component/s: External Tool (IMS-LTI)
- Affected Branches: MOODLE_37_STABLE
- Fixed Branches: MOODLE_39_STABLE
Description
Moodle must know the tool's public key in order to verify tool-originating requests (token/deep linking return).
The current registration allows a tool to copy/paste its public key in PEM format. This is a bit cumbersome to exchange and, more importantly, makes it difficult for the tool to rotate its keys.
Rather, it is more and more common for a tool to expose a JSON Web Key Set (JWKS) URL that exposes its public keys. This is identical to how Moodle exposes its public key to tools.
AC:
- As an admin, I want to have the option to enter a tool JWKS URL in place of an actual public key.
Note:
Moodle will rely on kid headers in JWT to identify which key to use in a keyset.
Moodle will cache the keyset URL and only reload in case of cache miss (kid not in keyset).
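
The kid lookup and reload-on-miss behaviour from the Note, as an added Python example that is not Moodle's code or part of the issue. `KeysetCache`, the injected `fetch` callable, `sample_token` and the reload throttle are assumptions of this example; verifying the signature with the returned key is left to a JWT library.

```python
import base64
import json
import time


class UnknownKeyError(Exception):
    """kid is missing, or absent from the tool's keyset even after a reload."""


def jwt_header(token):
    """Decode the unverified JOSE header; used only to read `kid`."""
    segment = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


class KeysetCache:
    def __init__(self, fetch, min_reload_seconds=60, clock=time.monotonic):
        self._fetch = fetch                  # assumed callable(url) -> parsed JWKS dict
        self._min_reload = min_reload_seconds
        self._clock = clock
        self._keys = {}                      # url -> {kid: jwk}
        self._loaded_at = {}                 # url -> time of last fetch

    def _reload(self, url):
        jwks = self._fetch(url)
        self._keys[url] = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
        self._loaded_at[url] = self._clock()

    def key_for(self, url, token):
        """`url` is the JWKS URL stored at registration, never one named by the token."""
        kid = jwt_header(token).get("kid")
        if not isinstance(kid, str) or not kid:
            raise UnknownKeyError("JWT has no usable kid header")
        if url not in self._keys:
            self._reload(url)
        elif kid not in self._keys[url] and (
            self._clock() - self._loaded_at[url] >= self._min_reload
        ):
            # Cache miss: the tool may have rotated its keys. Reload, but throttled,
            # so a stream of unknown kids cannot trigger one fetch per request.
            self._reload(url)
        if kid not in self._keys[url]:
            raise UnknownKeyError(f"kid {kid!r} not in keyset at {url}")
        return self._keys[url][kid]


def sample_token(kid):
    """Constructed sample: JWT header with placeholder payload and signature."""
    header = json.dumps({"alg": "RS256", "kid": kid}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30.c2ln"
```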
Issue Links
- blocks MDL-67301 Implement LTI 1.3 Dynamic Registration (Closed)