Bug
Resolution: Fixed
Major
4.2.6, 4.3.3
1
Team Alpha - Sprint 4 I1-2024
See this code:
https://github.com/moodle/moodle/blob/6f54ece65581c55ee886e9277078ddee197c5393/enrol/lti/register.php#L56-L59
And then see the spec (which wasn't finalised when we built this):
https://www.imsglobal.org/node/200666#step-1-registration-initiation-request
Specifically:
The initiation launch is a User Agent redirect to the initiation registration URL and appends the following query parameters to the URL:
openid_configuration: the endpoint to the open id configuration to be used for this registration, encoded as per [RFC3986] Section 3.4.
registration_token (optional): the registration access token. If present, it must be used as the access token by the tool when making the registration request to the registration endpoint exposed in the openid configuration.
The registration token should be:
short lived - typically 1 hour to allow enough time for some UI interaction on the tool side happening before the actual registration request is made.
usable only once - the token must not allow more than one registration
We just need to validate it as an optional field, and ensure that it's conditionally added to the request's headers as a bearer token.
Currently, this bug, along with a bug on Blackboard's side, prevents us from using dynamic registration with Blackboard. Let's fix this.
There are likely a few other discrepancies we'll find, so we should fix these as we test this.
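As an added illustration (standalone PHP, not Moodle's register.php and not the fix that was merged): treating registration_token as optional and attaching it as a bearer token only when it is present. The function names, the https-only rule and the RFC 6750 token-syntax check are assumptions of this sketch.

```php
<?php
// Added example: standalone PHP, not Moodle code. Function names are hypothetical.

/** Read the initiation parameters; registration_token may be absent. */
function parse_registration_initiation(array $query): array {
    $config = $query['openid_configuration'] ?? null;
    if (!is_string($config) || filter_var($config, FILTER_VALIDATE_URL) === false
            || strtolower((string) parse_url($config, PHP_URL_SCHEME)) !== 'https') {
        // Assumption: only https configuration endpoints are accepted.
        throw new InvalidArgumentException('openid_configuration must be an https URL');
    }
    $token = $query['registration_token'] ?? null; // optional per the spec
    // If present it must be usable verbatim in a Bearer header: RFC 6750
    // b64token syntax, which also excludes CR/LF and whitespace.
    if ($token !== null
            && (!is_string($token) || !preg_match('/^[A-Za-z0-9\-._~+\/]+=*$/D', $token))) {
        throw new InvalidArgumentException('registration_token is not a valid bearer token');
    }
    return ['openid_configuration' => $config, 'registration_token' => $token];
}

/** Headers for the registration request; Authorization only when a token was given. */
function registration_request_headers(?string $token): array {
    $headers = ['Content-Type: application/json', 'Accept: application/json'];
    if ($token !== null) {
        $headers[] = 'Authorization: Bearer ' . $token;
    }
    return $headers;
}

// Constructed query strings (not captured from a real platform).
$samples = [
    'with token'    => 'openid_configuration=https%3A%2F%2Fplatform.example%2Fopenid-config&registration_token=abc123.def-456',
    'without token' => 'openid_configuration=https%3A%2F%2Fplatform.example%2Fopenid-config',
    'bad token'     => 'openid_configuration=https%3A%2F%2Fplatform.example%2Fopenid-config&registration_token=abc%0D%0AX-Injected%3A+1',
];
foreach ($samples as $label => $qs) {
    parse_str($qs, $query);
    try {
        $init = parse_registration_initiation($query);
        echo $label, ': ', implode(' | ', registration_request_headers($init['registration_token'])), "\n";
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```

Because the token is short lived and usable only once, it should be held only for the duration of the registration flow and kept out of logs.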