Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-80835

Add CHIPS support to LTI cookies

XMLWordPrintable

    • MOODLE_402_STABLE, MOODLE_403_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE, MOODLE_403_STABLE
    • MDL-80835-401
    • MDL-80835-402
    • MDL-80835-403
    • MDL-80835-main
    • Hide

      Prerequisites

      1. This needs to be tested in the following browsers:

      • Chrome - with the --test-third-party-cookie-phaseout flag (you can set this by going to chrome://flags in the URL, then looking for 'cookies' - it'll be an option in the results there).
      • Chrome - current vanilla settings, i.e. without the flag
      • Firefox - vanilla settings
      • Safari - vanilla settings

      Please make sure you have access to these.

      2. This needs to be tested using 2 public HTTPS sites on different domains. So, please make sure you can publish your dev sites using something like ngrok, localtunnel, expose, etc. etc.

      3. You need two Moodle sites - one called 'platform' and one called 'tool':

      • In the tool site admin settings:
        • Enable enrol_lti and auth_lti plugins
        • Enable "Allow frame embedding"
      • Make both sites public, HTTPS sites using something like ngrok, localtunnel, expose, etc.
        • Each MUST have a distinct domain to ensure we hit cross-site checks, so you may need to use 2 different tools

      Course setup

      1. Login to the tool site as the admin
      2. Create a course called 'tool course'
      3. Create an assignment in the course
      4. From the course nav, select "More > Published as LTI tools"
      5. Click to publish a new resource
      6. Select the assignment in the "Tool to be published" field, leaving everything else alone
      7. Save
      8. In another tab, login to the platform site as the admin
      9. Create a course called 'platform course'

      LTI 1.3 setup

      1. Login to the tool site as the admin user
      2. Go to Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration
      3. Click to create a new registration
      4. Name the registration "platform site" and continue
      5. You'll see a dynamic registration URL. Click the "Copy to clipboard" icon to copy it
      6. Now, in another browser tab, login as the admin user to the platform site
      7. Go to Site admin > Development > Debugging and set debug messages to "None". If we don't do this, we'll hit MDL-80674.
      8. Go to to Admin > Plugins > Activities > External tool > Manage tools
      9. Paste the URL value into the "Tool URL" field
      10. Click "Add LTI Advantage"
      11. You should see a tool card now. Click "Activate" on it.
      12. Edit the tool (click the cog)
      13. Set:
        • "Name" to "Moodle Tool Site"
        • "Tool configuration usage" to "Show in activity chooser and as a preconfigured tool"
      14. Save the form

      Test creating a link and launching it several ways

      1. Login to the platform site
      2. Go to the course
      3. Click to create an activity or resource
      4. Select the "Moodle Tool Site" activity tile
      5. When you're taken to the edit form, click the "Select content" button
      6. In the popup, verify:
        • You see a view containing the "Use existing account" card
        • Since you're not logged in, you see a "Log in" button at the bottom
      7. Click the login button
      8. Proceed to login to the site
      9. Verify you're taken back to the previous view, but can now see "Link this account" presented as a button at the bottom. Don't login yet.
      10. Close the modal
      11. Click "Select content" again
      12. Verify you see the same view with "Link this account" listed. I.e. you're authenticated with the tool site inside the frame.
      13. Click the button to link the account, and proceed through any success notifications
      14. Verify you see a list of activities without errors
      15. Click the "Add to course" checkbox for the assignment and click "Add content"
      16. Verify the modal closes and you see the edit form, now updated with the assignment name
      17. Click "Save and return to course"
      18. Click the assignment you just created to launch the tool
      19. Verify you're taken to the assignment, inside a frame, and there are no errors on the page.
      20. Inside the iframe, from the top right user menu, click "Log out"
      21. Now, reload the page
      22. Verify you see the tool load within the iframe again, and that you are again logged in.
      23. Now, go to the site admin in the platform site
      24. Edit the "Moodle Tool Site" tool
      25. Set "Default launch container" to "New window"
      26. Go back to the course
      27. Click the assignment to launch it
      28. Verify you're taken to a new tab and are signed into the tool site and can view the assignment
      29. Log out of the tool site in this new window
      30. Back in the platform tab, click the assignment again in the course
      31. Verify you're taken to a new tab and are signed into the tool site and can view the assignment
      32. Now, unlink the LTI account by running this in the tool site DB:

        DELETE FROM mdl_auth_lti_linked_login;

      Repeat the above testing process - "Test creating a link and launching it several ways" - for each of:

        • Chrome - with the --test-third-party-cookie-phaseout flag (you can set this by going to chrome://flags in the URL, then looking for 'cookies' - it'll be an option in the results there - or you can run from the command line).
        • Chrome - current vanilla settings, i.e. without the flag
        • Firefox - vanilla settings
          Update the testing matrix (at the bottom of the testing instructions) as you proceed through each branch/browser combination.

      Testing Safari

      1. Login to the platform site
      2. Go to the course
      3. Click to create an activity or resource
      4. Select the "Moodle Tool Site" activity tile
      5. When you're taken to the edit form, click the "Select content" button
      6. Verify that you see a message stating that cookies being required but were found to be blocked
      7. Close the modal

      Testing same-site LTI

      This part of the testing only needs one of the sites. Some institutions use both the LTI tool + platform plugins on the same site as a means to reuse content. Activities from one course can be used in another, via LTI. We'll set this up in the tool site.

      1. Log into the tool as a site admin
      2. Go to Site admin > Development > Debugging, and change debug messages to "None", otherwise we'll run into the following bug: MDL-80674.
      3. Now, go to Plugins > Enrolments > Publish as LTI tool > Tool registration
      4. Click "Register a platform"
      5. Enter "Samesite tool" as the name and continue
      6. Copy the dynamic registration URL
      7. Now go to Plugins > Activity modules > External tool > Manage tools
      8. Paste the URL into the "Tool URL" text box and press "Add LTI Advantage"
      9. Proceed with registration
      10. When you're redirected back to the tool listing, edit the pending tool you just registered, setting:
        • Name: "Samesite tool"
        • Tool configuration usage: "show in activity chooser and as a preconfigured tool"
      11. Save the form
      12. Now, on the tool list, click "Activate" on the tool card.
      13. Now, create a new course "Samesite testing"
      14. Enrol a student s1 in the course
      15. Click to add an activity or resource, selecting "Samesite tool" from the chooser
      16. On the edit form, click "Select content"
      17. Verify you see the welcome screen and that the "Use existing account" card contains details of your existing account
      18. Click "Link this account" and proceed through the confirmation notice
      19. Verify you see a list of activities
      20. Select the assignment you published (click the "Add to course" checkbox)
      21. Click "Add content"
      22. Verify the modal closes and you can see the activity name has been updated
      23. Save and return to course
      24. Launch the activity you just created
      25. Verify you can see the assignment loaded in an iframe
      26. Log out
      27. Log in as the student s1 and go to the "Samesite testing" course
      28. Launch the activity
      29. Verify you can see the assignment loaded in an iframe

      Testing matrix

      Branch Chrome Chrome w flag Firefox Safari
      4.1 Passed Passed Passed Passed
      4.2 Passed Passed Passed Passed
      4.3 Passed Passed Passed Passed
      main Passed Passed Passed Passed
      Show
      Prerequisites 1. This needs to be tested in the following browsers: Chrome - with the --test-third-party-cookie-phaseout flag (you can set this by going to chrome://flags in the URL, then looking for 'cookies' - it'll be an option in the results there). Chrome - current vanilla settings, i.e. without the flag Firefox - vanilla settings Safari - vanilla settings Please make sure you have access to these. 2. This needs to be tested using 2 public HTTPS sites on different domains. So, please make sure you can publish your dev sites using something like ngrok, localtunnel, expose, etc. etc. 3. You need two Moodle sites - one called 'platform' and one called 'tool': In the tool site admin settings: Enable enrol_lti and auth_lti plugins Enable "Allow frame embedding" Make both sites public, HTTPS sites using something like ngrok, localtunnel, expose, etc. Each MUST have a distinct domain to ensure we hit cross-site checks, so you may need to use 2 different tools Course setup Login to the tool site as the admin Create a course called 'tool course' Create an assignment in the course From the course nav, select "More > Published as LTI tools" Click to publish a new resource Select the assignment in the "Tool to be published" field, leaving everything else alone Save In another tab, login to the platform site as the admin Create a course called 'platform course' LTI 1.3 setup Login to the tool site as the admin user Go to Admin > Plugins > Enrolment plugins > Publish as LTI tool > Tool registration Click to create a new registration Name the registration "platform site" and continue You'll see a dynamic registration URL. Click the "Copy to clipboard" icon to copy it Now, in another browser tab, login as the admin user to the platform site Go to Site admin > Development > Debugging and set debug messages to "None". If we don't do this, we'll hit MDL-80674 . Go to to Admin > Plugins > Activities > External tool > Manage tools Paste the URL value into the "Tool URL" field Click "Add LTI Advantage" You should see a tool card now. Click "Activate" on it. Edit the tool (click the cog) Set: "Name" to "Moodle Tool Site" "Tool configuration usage" to "Show in activity chooser and as a preconfigured tool" Save the form Test creating a link and launching it several ways Login to the platform site Go to the course Click to create an activity or resource Select the "Moodle Tool Site" activity tile When you're taken to the edit form, click the "Select content" button In the popup, verify : You see a view containing the "Use existing account" card Since you're not logged in, you see a "Log in" button at the bottom Click the login button Proceed to login to the site Verify you're taken back to the previous view, but can now see "Link this account" presented as a button at the bottom. Don't login yet. Close the modal Click "Select content" again Verify you see the same view with "Link this account" listed. I.e. you're authenticated with the tool site inside the frame. Click the button to link the account, and proceed through any success notifications Verify you see a list of activities without errors Click the "Add to course" checkbox for the assignment and click "Add content" Verify the modal closes and you see the edit form, now updated with the assignment name Click "Save and return to course" Click the assignment you just created to launch the tool Verify you're taken to the assignment, inside a frame, and there are no errors on the page. Inside the iframe, from the top right user menu, click "Log out" Now, reload the page Verify you see the tool load within the iframe again, and that you are again logged in. Now, go to the site admin in the platform site Edit the "Moodle Tool Site" tool Set "Default launch container" to "New window" Go back to the course Click the assignment to launch it Verify you're taken to a new tab and are signed into the tool site and can view the assignment Log out of the tool site in this new window Back in the platform tab, click the assignment again in the course Verify you're taken to a new tab and are signed into the tool site and can view the assignment Now, unlink the LTI account by running this in the tool site DB: DELETE FROM mdl_auth_lti_linked_login; Repeat the above testing process - "Test creating a link and launching it several ways" - for each of: Chrome - with the --test-third-party-cookie-phaseout flag (you can set this by going to chrome://flags in the URL, then looking for 'cookies' - it'll be an option in the results there - or you can run from the command line). Chrome - current vanilla settings, i.e. without the flag Firefox - vanilla settings Update the testing matrix (at the bottom of the testing instructions) as you proceed through each branch/browser combination. Testing Safari Login to the platform site Go to the course Click to create an activity or resource Select the "Moodle Tool Site" activity tile When you're taken to the edit form, click the "Select content" button Verify that you see a message stating that cookies being required but were found to be blocked Close the modal Testing same-site LTI This part of the testing only needs one of the sites. Some institutions use both the LTI tool + platform plugins on the same site as a means to reuse content. Activities from one course can be used in another, via LTI. We'll set this up in the tool site. Log into the tool as a site admin Go to Site admin > Development > Debugging, and change debug messages to "None", otherwise we'll run into the following bug: MDL-80674 . Now, go to Plugins > Enrolments > Publish as LTI tool > Tool registration Click "Register a platform" Enter "Samesite tool" as the name and continue Copy the dynamic registration URL Now go to Plugins > Activity modules > External tool > Manage tools Paste the URL into the "Tool URL" text box and press "Add LTI Advantage" Proceed with registration When you're redirected back to the tool listing, edit the pending tool you just registered, setting: Name: "Samesite tool" Tool configuration usage: "show in activity chooser and as a preconfigured tool" Save the form Now, on the tool list, click "Activate" on the tool card. Now, create a new course "Samesite testing" Enrol a student s1 in the course Click to add an activity or resource, selecting "Samesite tool" from the chooser On the edit form, click "Select content" Verify you see the welcome screen and that the "Use existing account" card contains details of your existing account Click "Link this account" and proceed through the confirmation notice Verify you see a list of activities Select the assignment you published (click the "Add to course" checkbox) Click "Add content" Verify the modal closes and you can see the activity name has been updated Save and return to course Launch the activity you just created Verify you can see the assignment loaded in an iframe Log out Log in as the student s1 and go to the "Samesite testing" course Launch the activity Verify you can see the assignment loaded in an iframe Testing matrix Branch Chrome Chrome w flag Firefox Safari 4.1 Passed Passed Passed Passed 4.2 Passed Passed Passed Passed 4.3 Passed Passed Passed Passed main Passed Passed Passed Passed
    • 2
    • Team Hedgehog 2024 Sprint 1.2, Team Hedgehog 2024 Sprint 1.3

      This is a Chrome-specific issue. See:
      https://developers.google.com/privacy-sandbox/3pcd/chips
      https://developers.google.com/privacy-sandbox/blog/cookie-countdown-2023oct

      In a nutshell, this issue is scoped with:

      • Ensuring the lti1p3_state-XXXX cookie used during OIDC login opts in to Chrome's cookie partitioning
      • Ensuring the MoodleSession cookie used by core Moolde opts in to Chrome's cookie partitioning
        • Make sure the above only happens during LTI launches. I.e. not a wider change to Moodle's session code.

        1. (1) 12 Passed -- (Main)MDL-80835.png
          (1) 12 Passed -- (Main)MDL-80835.png
          72 kB
        2. (1) 14 Passed -- (Main)MDL-80835.png
          (1) 14 Passed -- (Main)MDL-80835.png
          71 kB
        3. (1) 16 Passed -- (Main)MDL-80835.png
          (1) 16 Passed -- (Main)MDL-80835.png
          109 kB
        4. (1) 19 Passed -- (Main)MDL-80835.png
          (1) 19 Passed -- (Main)MDL-80835.png
          99 kB
        5. (1) 22 Passed -- (Main)MDL-80835.png
          (1) 22 Passed -- (Main)MDL-80835.png
          96 kB
        6. (1) 28 Passed -- (Main)MDL-80835.png
          (1) 28 Passed -- (Main)MDL-80835.png
          91 kB
        7. (1) 31 Passed -- (Main)MDL-80835.png
          (1) 31 Passed -- (Main)MDL-80835.png
          73 kB
        8. (1) 6 Passed -- (Main)MDL-80835.png
          (1) 6 Passed -- (Main)MDL-80835.png
          64 kB
        9. (1) 9 Passed -- (Main)MDL-80835.png
          (1) 9 Passed -- (Main)MDL-80835.png
          67 kB
        10. (2) 6 Passed -- (Main)MDL-80835.png
          (2) 6 Passed -- (Main)MDL-80835.png
          424 kB
        11. (3) 17 Passed -- (Main)MDL-80835.png
          (3) 17 Passed -- (Main)MDL-80835.png
          77 kB
        12. (3) 19 Passed -- (Main)MDL-80835-1.png
          (3) 19 Passed -- (Main)MDL-80835-1.png
          51 kB
        13. (3) 22 Passed -- (Main)MDL-80835.png
          (3) 22 Passed -- (Main)MDL-80835.png
          109 kB
        14. (3) 25 Passed -- (Main)MDL-80835.png
          (3) 25 Passed -- (Main)MDL-80835.png
          101 kB
        15. (3) 29 Passed -- (Main)MDL-80835.png
          (3) 29 Passed -- (Main)MDL-80835.png
          100 kB
        16. login_error.png
          login_error.png
          123 kB
        17. MDL-80835 - 401 -  Platform Tool ready to go.png
          MDL-80835 - 401 - Platform Tool ready to go.png
          49 kB
        18. MDL-80835 - Chrome 401 - Activity.png
          MDL-80835 - Chrome 401 - Activity.png
          91 kB
        19. MDL-80835 - Chrome 401 - Activity Chooser Tool.png
          MDL-80835 - Chrome 401 - Activity Chooser Tool.png
          49 kB
        20. MDL-80835 - Chrome 401 - Activity content.png
          MDL-80835 - Chrome 401 - Activity content.png
          37 kB
        21. MDL-80835 - Chrome 401 - Link.png
          MDL-80835 - Chrome 401 - Link.png
          58 kB
        22. MDL-80835 - Chrome 402 - Activity.png
          MDL-80835 - Chrome 402 - Activity.png
          107 kB
        23. MDL-80835 - Chrome 402 - Link account.png
          MDL-80835 - Chrome 402 - Link account.png
          84 kB
        24. MDL-80835 - Chrome 402 - Login Tool Site.png
          MDL-80835 - Chrome 402 - Login Tool Site.png
          76 kB
        25. MDL-80835 - Chrome 402 - Moodle tool site in activity chooser.png
          MDL-80835 - Chrome 402 - Moodle tool site in activity chooser.png
          71 kB
        26. MDL-80835 - Chrome 402 - Select activity.png
          MDL-80835 - Chrome 402 - Select activity.png
          65 kB
        27. MDL-80835 - Chrome Cookies 401 - Activity.png
          MDL-80835 - Chrome Cookies 401 - Activity.png
          87 kB
        28. MDL-80835 - Chrome Cookies 401 - Activity Chooser Tool.png
          MDL-80835 - Chrome Cookies 401 - Activity Chooser Tool.png
          52 kB
        29. MDL-80835 - Chrome Cookies 401 - Activity content.png
          MDL-80835 - Chrome Cookies 401 - Activity content.png
          45 kB
        30. MDL-80835 - Chrome Cookies 401 - Link Account.png
          MDL-80835 - Chrome Cookies 401 - Link Account.png
          54 kB
        31. MDL-80835 - Chrome Cookies 401 - Login.png
          MDL-80835 - Chrome Cookies 401 - Login.png
          48 kB
        32. MDL-80835 - Chrome Cookies 402 - Activity view.png
          MDL-80835 - Chrome Cookies 402 - Activity view.png
          88 kB
        33. MDL-80835 - Chrome Cookies 402 - Activty.png
          MDL-80835 - Chrome Cookies 402 - Activty.png
          36 kB
        34. MDL-80835 - Chrome Cookies 402 - Link Account.png
          MDL-80835 - Chrome Cookies 402 - Link Account.png
          48 kB
        35. MDL-80835 - Chrome Cookies 402 - Login Tool site.png
          MDL-80835 - Chrome Cookies 402 - Login Tool site.png
          139 kB
        36. MDL-80835 - Chrome Cookies 402 - Select content.png
          MDL-80835 - Chrome Cookies 402 - Select content.png
          43 kB
        37. MDL-80835 - Firedox 401 - Activity Chooser Tool.png
          MDL-80835 - Firedox 401 - Activity Chooser Tool.png
          51 kB
        38. MDL-80835 - Firefox 401 - Activity.png
          MDL-80835 - Firefox 401 - Activity.png
          111 kB
        39. MDL-80835 - Firefox 401 - Activity content.png
          MDL-80835 - Firefox 401 - Activity content.png
          44 kB
        40. MDL-80835 - Firefox 401 - Link.png
          MDL-80835 - Firefox 401 - Link.png
          61 kB
        41. MDL-80835 - Firefox 402 - Moodle tool site in activity chooser.png
          MDL-80835 - Firefox 402 - Moodle tool site in activity chooser.png
          40 kB
        42. MDL-80835 - Firefox 402 - Step 12 link this account.png
          MDL-80835 - Firefox 402 - Step 12 link this account.png
          52 kB
        43. MDL-80835 - Firefox 402 - Step 15 activity.png
          MDL-80835 - Firefox 402 - Step 15 activity.png
          33 kB
        44. MDL-80835 - Firefox 402 - Step 16 modal closes.png
          MDL-80835 - Firefox 402 - Step 16 modal closes.png
          53 kB
        45. MDL-80835 - Firefox 402 - Step 19 activity frame.png
          MDL-80835 - Firefox 402 - Step 19 activity frame.png
          83 kB
        46. MDL-80835 - Safari 401 - Activity.png
          MDL-80835 - Safari 401 - Activity.png
          104 kB
        47. MDL-80835 - Safari 401 - Activity Chooser Tool.png
          MDL-80835 - Safari 401 - Activity Chooser Tool.png
          74 kB
        48. MDL-80835 - Safari 401 - Activity content.png
          MDL-80835 - Safari 401 - Activity content.png
          64 kB
        49. MDL-80835 - Safari 401 - Link.png
          MDL-80835 - Safari 401 - Link.png
          77 kB
        50. MDL-80835 - Safari 401 - Login.png
          MDL-80835 - Safari 401 - Login.png
          71 kB
        51. MDL-80835 - Safari 402 - Activity.png
          MDL-80835 - Safari 402 - Activity.png
          102 kB
        52. MDL-80835 - Safari 402 - Link account.png
          MDL-80835 - Safari 402 - Link account.png
          72 kB
        53. MDL-80835 - Safari 402 - Login Moodle.png
          MDL-80835 - Safari 402 - Login Moodle.png
          261 kB
        54. MDL-80835 - Safari 402 - Login Moodle Tool Site.png
          MDL-80835 - Safari 402 - Login Moodle Tool Site.png
          53 kB
        55. MDL-80835  - Samesite 401 - Activity chooser tool.png
          MDL-80835 - Samesite 401 - Activity chooser tool.png
          66 kB
        56. MDL-80835  - Samesite 401 - Activity content.png
          MDL-80835 - Samesite 401 - Activity content.png
          44 kB
        57. MDL-80835  - Samesite 401 - Activity student view.png
          MDL-80835 - Samesite 401 - Activity student view.png
          64 kB
        58. MDL-80835  - Samesite 401 -  Activity teacher view.png
          MDL-80835 - Samesite 401 - Activity teacher view.png
          98 kB
        59. MDL-80835  - Samesite 401 - Link account.png
          MDL-80835 - Samesite 401 - Link account.png
          53 kB
        60. MDL-80835  - Samesite 401 - Tool ready.png
          MDL-80835 - Samesite 401 - Tool ready.png
          58 kB
        61. MDL-80835  - Samesite 402 - activity chooser.png
          MDL-80835 - Samesite 402 - activity chooser.png
          64 kB
        62. MDL-80835  - Samesite 402 - activity content.png
          MDL-80835 - Samesite 402 - activity content.png
          36 kB
        63. MDL-80835  - Samesite 402- Activity teacher view.png
          MDL-80835 - Samesite 402- Activity teacher view.png
          102 kB
        64. MDL-80835  - Samesite 402 - add a tool.png
          MDL-80835 - Samesite 402 - add a tool.png
          70 kB
        65. MDL-80835  - Samesite 402 - Link account.png
          MDL-80835 - Samesite 402 - Link account.png
          53 kB
        66. MDL-80835  - Samesite 402 - Student view.png
          MDL-80835 - Samesite 402 - Student view.png
          74 kB

            jaked Jake Dallimore
            jaked Jake Dallimore
            Stevani Andolo Stevani Andolo
            Huong Nguyen Huong Nguyen
            Carlos Escobedo Carlos Escobedo
            Votes:
            1 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 days, 2 minutes
                3d 2m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.