Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74221

Identify registrations using local id to support cases where remote client_id isn't provided

    XMLWordPrintable

Details

    • MOODLE_400_STABLE
    • MOODLE_400_STABLE
    • MDL-74221-master
    • Hide

      Prerequisites

      Two sites are required for testing this feature and they must be able to communicate with one another.

      1. LTI platform (formerly known as consumer)
      2. LTI tool (formerly known as provider).
        Important: If you're testing locally, you'll need to disable the 'Blocked hosts' setting in BOTH sites. You can find it in Site administration ► Security ► HTTP security. You'll need to clear the values and save.
      3. In the tool site, create a course with:
        • One assignment
        • One file resource
      4. Enrol a teacher t1 in the course
      5. In the platform site, create a course
      6. Enrol two teachers: t1 and t2
      7. Enrol one student, s1

      Enable the 'Publish as LTI tool' feature in the 'tool' site

      1. Log in to the tool site as an administrator.
      2. Follow Site administration ► Security ► HTTP security and enable 'Allow frame embedding'.
      3. Follow Site administration ► Plugins ► Authentication ► Manage authentication' and enable the 'LTI' authentication plugin.
      4. Follow Site administration ► Plugins ► Enrolments ► Manage enrol plugins and enable 'Publish as LTI tool'.

      Register the tool and platform

      1. Log in to the tool site as an admin user
      2. Follow Site administration ► Plugins ► Enrolments ► Publish as LTI tool ► Tool registration
      3. Click "Register a platform"
      4. Enter "Moodle LMS" when prompted for a name and click "Continue"
      5. When you see the tool details on the next screen, copy the registration URL to clipboard using the icon next to the URL
      6. Now, in a separate browser tab, log in to the platform site as an administrator
      7. Follow Site administration ► Plugins ► Activity modules ► External tool ► Manage tools
      8. Paste the registration URL into the "Tool URL..." field and press "Add LTI Advantage"
      9. When the page reloads and you see the tool card in the list of tools, click to edit the settings of the tool
      10. Make sure the following are set:
        1. Set "Tool configuration usage" to "Show in activity chooser and as a preconfigured tool"
        2. Expand "Privacy" and set "Share launcher's name with tool" to "Delegate to teacher"
        3. Again in "Privacy", set "Share launcher's email with tool" to "Delegate to teacher"
      11. Set the name of the tool to "QA test tool" and save the tool configuration
      12. Click "Activate" on the tool card.

      Publish a course, activity and resource on the tool site

      1. Log in to the tool site as the teacher t1
      2. Visit the course
      3. Follow Course administration ► Published as LTI tools (you can access this page using the secondary navigation menu in Boost)
      4. Make sure you're on the LTI Advantage tab
      5. Add a new instance, setting 'Tool to be published' to the course.
      6. Add a new instance, setting 'Tool to be published' to the assignment
      7. Add a new instance, setting 'Tool to be published' selected to the file resource.
      8. Verify you now have 3 published items
      9. Log out of the tool site now.

      On the platform site

      1. Log in as teacher t1 and visit the course.
      2. Click to add an activity or resource
      3. Select "QA test tool" from the activity chooser
      4. On the activity edit view, click "Select content"
      5. Verify you're presented with a popup containing a message asking you to first sign in to the tool site in another tab.
      6. Follow the instructions, signing in to the tool site as teacher t1 in another tab.
      7. In the platform view, close the popup and click "Select content" again
      8. Verify you're prompted to link the account you just signed in to the tool with
      9. Click to link the account and continue when you see the success message
      10. Verify you now see a list of published resources/activities including the 3 items you published earlier
      11. Check the "Add to course" box for the course
      12. Verify the "Add to gradebook" checkbox is automatically ticked.
      13. Click "Add content"
      14. Save the activity

      Now simulate a platform which omits client_id

      We need to modify the code in the tool site to test this next part.
      1. Edit enrol/lti/login.php and change this part:

      global $_REQUEST;
      

      to this:

      global $_REQUEST;
      unset($_REQUEST['client_id']);
      

      and save the file.
      2. Now, go to the platform site and try to launch the activity again.
      3. Verify you can launch into the activity

      Upgrade test

      1. Checkout 34ce1463ccc65 and install a site using this weekly hash.

      On a new, uninstalled clone of integration_master:

      git checkout 34ce1463ccc65
      

      Then install the site

      2. Go to Site admin > Plugins > Enrolments > Manage enrol plugins and enable "Publish as LTI tool"
      3. Go to Site admin > Plugins > Auth > Manage auth and enable auth_lti
      4. Go to Site admin > Plugins > Enrolments > Publish as LTI tool > Tool registration
      5. Create a new platform registration, entering dummy data for the name, clientid, and various URLs. Make sure this is saved and you can see the registration in the table.
      6. Click to generate a new dynamic registration URL
      7. Now, checkout master

      git checkout master
      

      8. Run the site upgrade
      9. Verify you see no errors
      10. Go to Site admin > Plugins > Enrolments > Publish as LTI tool > Tool registration
      11. Verify:

      • You see a single 'active' registration (your prior registration, upgraded)
      • You don't see any dynamic registration URL

      12. Click 'Edit' on the registration
      13. Verify:

      • You see the various name, clientid, url values you entered before

      14. Click the "Tool details" tab
      15. Verify:

      • You see two sections: Dynamic registration and Manual registration, one below the other
      • You see a 'token' param in the dynamic registration URL
      • You see an 'id' param in the initiate login URL
      • the value of 'token' matches that of 'id'

      Icon fallback test

      This just confirms we see the correct icons in tool registration when the fontawesome icon system is disabled.
      1. Edit theme/boost/config.php and comment out the following line like so.

      // $THEME->iconsystem = \core\output\icon_system::FONTAWESOME;
      

      2. Go to Site admin > Plugins > Enrolments > Publish as LTI tool > Tool registration
      3. Make sure you're using the boost theme
      4. Verify the icons next to the registration look like this:

      Show
      Prerequisites Two sites are required for testing this feature and they must be able to communicate with one another. LTI platform (formerly known as consumer) LTI tool (formerly known as provider). Important : If you're testing locally, you'll need to disable the 'Blocked hosts' setting in BOTH sites. You can find it in Site administration ► Security ► HTTP security. You'll need to clear the values and save. In the tool site, create a course with: One assignment One file resource Enrol a teacher t1 in the course In the platform site, create a course Enrol two teachers: t1 and t2 Enrol one student, s1 Enable the 'Publish as LTI tool' feature in the 'tool' site Log in to the tool site as an administrator. Follow Site administration ► Security ► HTTP security and enable 'Allow frame embedding'. Follow Site administration ► Plugins ► Authentication ► Manage authentication' and enable the 'LTI' authentication plugin. Follow Site administration ► Plugins ► Enrolments ► Manage enrol plugins and enable 'Publish as LTI tool'. Register the tool and platform Log in to the tool site as an admin user Follow Site administration ► Plugins ► Enrolments ► Publish as LTI tool ► Tool registration Click "Register a platform" Enter "Moodle LMS" when prompted for a name and click "Continue" When you see the tool details on the next screen, copy the registration URL to clipboard using the icon next to the URL Now, in a separate browser tab, log in to the platform site as an administrator Follow Site administration ► Plugins ► Activity modules ► External tool ► Manage tools Paste the registration URL into the "Tool URL..." field and press "Add LTI Advantage" When the page reloads and you see the tool card in the list of tools, click to edit the settings of the tool Make sure the following are set: Set "Tool configuration usage" to "Show in activity chooser and as a preconfigured tool" Expand "Privacy" and set "Share launcher's name with tool" to "Delegate to teacher" Again in "Privacy", set "Share launcher's email with tool" to "Delegate to teacher" Set the name of the tool to "QA test tool" and save the tool configuration Click "Activate" on the tool card. Publish a course, activity and resource on the tool site Log in to the tool site as the teacher t1 Visit the course Follow Course administration ► Published as LTI tools (you can access this page using the secondary navigation menu in Boost) Make sure you're on the LTI Advantage tab Add a new instance, setting 'Tool to be published' to the course. Add a new instance, setting 'Tool to be published' to the assignment Add a new instance, setting 'Tool to be published' selected to the file resource. Verify you now have 3 published items Log out of the tool site now. On the platform site Log in as teacher t1 and visit the course. Click to add an activity or resource Select "QA test tool" from the activity chooser On the activity edit view, click "Select content" Verify you're presented with a popup containing a message asking you to first sign in to the tool site in another tab. Follow the instructions, signing in to the tool site as teacher t1 in another tab. In the platform view, close the popup and click "Select content" again Verify you're prompted to link the account you just signed in to the tool with Click to link the account and continue when you see the success message Verify you now see a list of published resources/activities including the 3 items you published earlier Check the "Add to course" box for the course Verify the "Add to gradebook" checkbox is automatically ticked. Click "Add content" Save the activity Now simulate a platform which omits client_id We need to modify the code in the tool site to test this next part. 1. Edit enrol/lti/login.php and change this part: global $_REQUEST; to this: global $_REQUEST; unset($_REQUEST['client_id']); and save the file. 2. Now, go to the platform site and try to launch the activity again. 3. Verify you can launch into the activity Upgrade test 1. Checkout 34ce1463ccc65 and install a site using this weekly hash. On a new, uninstalled clone of integration_master: git checkout 34ce1463ccc65 Then install the site 2. Go to Site admin > Plugins > Enrolments > Manage enrol plugins and enable "Publish as LTI tool" 3. Go to Site admin > Plugins > Auth > Manage auth and enable auth_lti 4. Go to Site admin > Plugins > Enrolments > Publish as LTI tool > Tool registration 5. Create a new platform registration, entering dummy data for the name, clientid, and various URLs. Make sure this is saved and you can see the registration in the table. 6. Click to generate a new dynamic registration URL 7. Now, checkout master git checkout master 8. Run the site upgrade 9. Verify you see no errors 10. Go to Site admin > Plugins > Enrolments > Publish as LTI tool > Tool registration 11. Verify : You see a single 'active' registration (your prior registration, upgraded) You don't see any dynamic registration URL 12. Click 'Edit' on the registration 13. Verify : You see the various name, clientid, url values you entered before 14. Click the "Tool details" tab 15. Verify : You see two sections: Dynamic registration and Manual registration, one below the other You see a 'token' param in the dynamic registration URL You see an 'id' param in the initiate login URL the value of 'token' matches that of 'id' Icon fallback test This just confirms we see the correct icons in tool registration when the fontawesome icon system is disabled. 1. Edit theme/boost/config.php and comment out the following line like so. // $THEME->iconsystem = \core\output\icon_system::FONTAWESOME; 2. Go to Site admin > Plugins > Enrolments > Publish as LTI tool > Tool registration 3. Make sure you're using the boost theme 4. Verify the icons next to the registration look like this:
    • 3
    • QA time, QA time 2

    Description

      The problem

      There's an optional client_id param that can be sent to the initiate_login_uri (https://www.imsglobal.org/spec/lti/v1p3/#client_id-login-parameter). Moodle needs this, along with issuer, to identify a local registration for the issuer/client pair (identifying the platform and the client on said platform), and continue with the next stage of the launch.

      If this param is omitted in the call to our login endpoint (technically possible according to the spec - see link above), we're unable to find the registration and cannot proceed to the next stage of the launch (annoyingly, where client_id IS mandatory as part of the JWT data).

      I believe the inclusion of client_id as an optional login param was a late addition to the spec, but either way, it's optional nature means we need to address this so that we can still accept launches in such cases.

      Note also: The problem here only presents itself in the test suite so far, but is technically possible in a real platform use case too (though I will note that at least Canvas and Moodle don't exhibit this problem).

      The solution

      The widely adopted solution is to accept a unique 'id' param in either the initiate_login_uri, or in the target_link_uri, allowing Moodle to use this param instead of the missing client id. This of course requires that Moodle is aware of this id BEFORE the creation and use of the registration URLs - not currently the case, because all URLs are generic.

      So, the process should work as follows (assuming the param is sent to the initiate_login_uri):

      1. Admins will now need to create a incomplete/stub registration, before being able to view and copy the endpoint URLs. This acts like a draft.
      2. When creating the stub/incomplete registration, Moodle will generate and store a unique id for the registration - for later use in the (now dedicated) login uri.
      3. The admin will copy the endpoint URLs as they did before, but will now see '?id=xxxx' in the initiate login URI.
      4. Registration continues as normal, with the admin recording the various URLs in Moodle as part of completing the registration
      5. When launching, login.php (the initiate login endpoint) will now see 'id' as a param there. At this time, depending on whether the optional client_id param has been sent or not, Moodle can identify the registration by either:
        • {iss, client_id}

          - if client_id has been sent

        • {iss, id}

          - in cases where the optional client_id is omitted

      6. Dynamic registration will also need to be made aware of the new login param, when returning it's configuration to the platform.

       

      Attachments

        1. expected_icons_no_iconsystem_defined.png
          expected_icons_no_iconsystem_defined.png
          1 kB
        2. Now simulate a platform which omits client_id_Step No. 3_Screenshot.PNG
          Now simulate a platform which omits client_id_Step No. 3_Screenshot.PNG
          52 kB
        3. Icon fallback test_Screenshot.PNG
          Icon fallback test_Screenshot.PNG
          2 kB
        4. Step 15.PNG
          Step 15.PNG
          66 kB
        5. Step 13.PNG
          Step 13.PNG
          46 kB
        6. Step 11.PNG
          Step 11.PNG
          54 kB
        7. Step 9.png
          Step 9.png
          361 kB
        8. registeraplatform_buttons.png
          registeraplatform_buttons.png
          16 kB

        Issue Links

          Activity

            People

              jaked Jake Dallimore
              jaked Jake Dallimore
              Mihail Geshoski Mihail Geshoski
              Andrew Lyons Andrew Lyons
              Gladys Basiana Gladys Basiana
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week, 2 days, 52 minutes
                  1w 2d 52m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.