Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71319

Safari and LTI 1.3 error without cookies

    XMLWordPrintable

Details

    • Bug
    • Resolution: Cannot Reproduce
    • Minor
    • None
    • 3.9.6
    • LTI External tool
    • None
    • MOODLE_39_STABLE

    Description

      My LTI 1.3 is a deep link embed application and is not using cookies.

       

      In chrome incognito mode with third party cookies disabled it's working, same in Firefox, It's working too with Safari with other LMS, but with Moodle and Safari combination is not working.

       

      Enabling permission to third party cookies in Safari It's working, but I needn't it because i have not cookies in my tool.

       

      This is the flow:

      From /mod/lti/contentitem.php go to my tool login.

      After do a login in my LTI application go to /mod/lti/auth.php.

      and this page return to my tool with this parameters:

      auth.php params

      /mod/lti/auth.php?login_hint=135&lti_message_hint=0&scope=openid&response_type=id_token&lti_deployment_id=11&redirect_uri=https://myurl&state=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&nonce=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&prompt=none&client_id=XXXXXXXXXXXXXXX&response_mode=form_post

       

      In Chrome and Safari for example It's using the same parameters in the url, but safari with third party cookies disabled it's returning:

       

      Safari result with Third party cookies blocked

       

      error: invalid_request

      state: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

       

       

      And with Firefox and Chrome Incognito mode with third party cookies disabled is returning:

       

      Chrome and Firefox with Third party cookies blocked

       

      id_token: my_long_jwt

      state: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

       

       

      Having not a error description I suspect it could be this checks from auth.php file:
       

      !empty($scope) && !empty($responsetype) && !empty($clientid) &&      !empty($redirecturi) && !empty($loginhint) &&      !empty($nonce) && !empty($SESSION->lti_message_hint);
      

      Can be the last check from $SESSION and having problems to check it from this iframe in Safari with third party cookies disabled?

       

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              dlopezemedia David López
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Clockify

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.