Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74699

Launch error when an array of aud values sent

XMLWordPrintable

    • 1
    • 4.1 holding pattern 2

      During a launch, if the JWT contains an array of aud values, the first value is taken as the client_id by the library:
      https://github.com/moodle/moodle/blob/master/lib/lti1p3/src/LtiMessageLaunch.php#L389

      When we're dealing with the client_id outside of the library code, such as when we process the raw launch data (jwt) in the service code, we don't do this. We need to make the same kind of call in other code which is reliant on client_id otherwise we risk sending an array value for client_id to the constructor of application_registration_repository::find_by_platform() instead of a string value.

      A string value is acceptable when there's just a single aud (https://www.imsglobal.org/spec/security/v1p1#id-token), otherwise we need to fetch clientid from the first array element, just like in the library code. So we can have either:

      [aud]
      [aud, aud2]
      "aud"

       

      If aud is an array, you can see the launch stack trace here:

            jaked Jake Dallimore
            jaked Jake Dallimore
            Mihail Geshoski Mihail Geshoski
            Shamim Rezaie Shamim Rezaie
            CiBoT CiBoT
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 36 minutes
                2h 36m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.