Moodle / MDL-79725

lti1p3 OIDC Login creates broken URL for auth URLs already containing query parameters

Details

    • MOODLE_402_STABLE, MOODLE_403_STABLE
    • MOODLE_402_STABLE, MOODLE_403_STABLE
    • MDL-79725-402
    • MDL-79725-403

      Prerequisites

      1. You need two Moodle sites (localhost is fine) - one called 'platform' and one called 'tool'
      2. In the tool site admin settings:
        • Enable enrol_lti and auth_lti plugins
        • Enable "Allow frame embedding"
      3. In BOTH sites:
        • Go to "Administration > Security > HTTP security" and clear all values from the 'curlsecurityblockedhosts' admin setting and save. (to permit localhost-to-localhost calls)

      Course setup

      1. Login to the tool site as the admin
      2. Create a course called 'tool course'
      3. Create an assignment in the course
      4. In another tab, login to the platform site as the admin
      5. Create a course called 'platform course'

      LTI 1.3 setup

      1. Login to the tool site as the admin user
      2. Go to Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration
      3. Click to create a new registration
      4. Name the registration "platform site" and continue
      5. You'll see a dynamic registration URL. Click the "Copy to clipboard" icon to copy it
      6. Now, in another browser tab, login as the admin user to the platform site
      7. Go to Admin > Plugins > Activities > External tool > Manage tools
      8. Paste the URL value into the "Tool URL" field
      9. Click "Add LTI Advantage"
      10. You should see a tool card now. Click "Activate" on it.
      11. Edit the tool (click the cog)
      12. Set:
        • "Name" to "Moodle LTI Advantage"
        • "Tool configuration usage" to "Show in activity chooser and as a preconfigured tool"
      13. Save the form
      14. Log out of the platform site
      15. Now, go back to the tool site as a site admin
      16. Go to "Site admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration"
      17. Edit the registration and go to the "Platform details" tab
      18. Edit the details and change "Authentication request URL", adding the suffix '?test'. It should look something like the form:

        http://localhost/PLATFORMSITENAME/mod/lti/auth.php?test 

      19. Save

      Publish an activity and set up the resource link in the platform

      1. Login to the tool site as the admin user
      2. Go to the course
      3. From the course nav, select "More > Published as LTI tools"
      4. Click to publish a new resource
      5. Select the assignment in the "Tool to be published" field, leaving everything else alone
      6. Save
      7. Logout
      8. Login to the platform site in the new tab
      9. Go to the course
      10. Click to create an activity or resource
      11. Select the "Moodle LTI Advantage" activity tile
      12. When you're taken to the edit form, click "Select content"
      13. Click to bind your account with the admin account in the tool
      14. Verify you see a list of activities without errors
      15. When you see the list of activities, select the assignment's "Add to course" (add to gradebook will be auto checked and that's ok)
      16. Click "Add content"
      17. When the modal closes, check the "Privacy" section of the form
      18. Make sure that all options are checked (accept grades, share names, share email)
      19. Save the activity instance
      20. Launch the activity instance by clicking it
      21. Verify you see the activity in an iframe and that you see no errors.
      22. Now, log in to the tool site as an admin user again
      23. Go to "Site admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration"
      24. Edit the registration and go to the "Platform details" tab
      25. Edit the details and change "Authentication request URL", removing the suffix '?test'. It should look something like the form:

        http://localhost/PLATFORMSITENAME/mod/lti/auth.php

      26. Save
      27. Now, back in the platform site, repeat the process of launching the tool instance (the activity), verifying you see no errors

    Description

      When the auth URL of an embedding LTI platform contains query parameters, in this case the WordPress plugin 'wordpress-lti-platform' (auth URL example: https://platform.tld/?lti-platform&auth), the lti1p3 library creates broken URLs when appending the auth params, i.e. https://platform.tld/?lti-platform&auth?scope=openid&response_type=id_token&response_mode=form_post&prompt=none&client_id=...

      In this case the function should recognize that the URL already includes a ? and use an & as glue for further parameters.

      The code in question runs at line 93 in

      lib/lti1p3/src/LtiOidcLogin.php
      

      This code also exists in this form in the upstream versions of the fork.
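
The URL joining the report describes, next to a join that picks the separator from the URL itself. This is an added PHP example, not code from lib/lti1p3 or from the Moodle patch; the function names `build_auth_url_naive` and `build_auth_url` and the shortened parameter list are assumptions.

```php
<?php
// Added illustration; function names are hypothetical, not taken from lib/lti1p3.

// Behaviour the report describes: the query is always glued on with '?'.
function build_auth_url_naive(string $authUrl, array $params): string
{
    return $authUrl . '?' . http_build_query($params, '', '&');
}

// Append parameters without disturbing an existing query string or fragment.
function build_auth_url(string $authUrl, array $params): string
{
    $fragment = '';
    $hashPos = strpos($authUrl, '#');
    if ($hashPos !== false) {
        // Query parameters belong before any fragment.
        $fragment = substr($authUrl, $hashPos);
        $authUrl = substr($authUrl, 0, $hashPos);
    }

    // Pass '&' explicitly so an arg_separator.output ini override cannot change it.
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    if ($query === '') {
        return $authUrl . $fragment;
    }

    if (strpos($authUrl, '?') === false) {
        $glue = '?';
    } elseif (in_array(substr($authUrl, -1), ['?', '&'], true)) {
        $glue = ''; // URL already ends in a separator, e.g. "auth.php?"
    } else {
        $glue = '&';
    }
    return $authUrl . $glue . $query . $fragment;
}

// Constructed sample input: auth URLs quoted on this page, shortened parameter list.
$params = ['scope' => 'openid', 'response_type' => 'id_token', 'prompt' => 'none'];
$urls = [
    'https://platform.tld/?lti-platform&auth',
    'http://localhost/PLATFORMSITENAME/mod/lti/auth.php?test',
    'http://localhost/PLATFORMSITENAME/mod/lti/auth.php',
];
foreach ($urls as $url) {
    $naive = build_auth_url_naive($url, $params);
    $fixed = build_auth_url($url, $params);
    // A well-formed result contains at most one '?'.
    printf("naive (%d '?'): %s\n", substr_count($naive, '?'), $naive);
    printf("fixed (%d '?'): %s\n", substr_count($fixed, '?'), $fixed);
}
```

The existing query is left byte-for-byte intact rather than parsed and rebuilt, so value-less keys such as `lti-platform` in the WordPress example keep their original form.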

            People

              jaked Jake Dallimore
              naglfar Stefan Trautvetter
              Stevani Andolo Stevani Andolo
              Jun Pataleta Jun Pataleta
              Ron Carl Alfon Yu Ron Carl Alfon Yu

                Time Tracking

                  Estimated: 0m
                  Remaining: 0m
                  Logged: 2h 19m
