  1. Moodle app
  2. MOBILE-3706

iOS Native app not processing LTI 1.3 launch correctly


    • MOODLE_39_STABLE
    • Moodle App 3.9.5

      When I create an LTI 1.3 resource and launch it, it is supposed to go through several distinct phases:

      1. OIDC Login
      2. Post to a resource URI to the pre-registered redirect endpoint

      And this works fine in the browser and the Android app.

       

      However, in the iOS app (3.9.4) running against the server (MoodleCloud LTS 3.9.2), the app only issues a single POST directly to the resource URI, which is incorrect. The POST should be to the redirect endpoint; however, it is also skipping the OIDC login flow.

      Because the flow is skipping the OIDC flow, it is potentially posting sensitive data out to an unknown endpoint, so I am labeling this as a 'serious security issue'.

            Unassigned Unassigned
            peterfranza Peter Franza
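
A tool-side check for the two launch phases described in the report, as an added example that is not part of the original issue or of Moodle's code: it accepts a launch POST only at the registered redirect endpoint and only when the POST carries the `state` issued during a preceding OIDC login. The URLs, class and function names, and form contents are constructed for illustration; `id_token` signature and nonce validation are assumed to run after this gate.

```python
import hmac
import secrets

# Hypothetical tool registration values, constructed for this example.
REDIRECT_URI = "https://tool.example/lti/launch"
RESOURCE_URI = "https://tool.example/resource/42"


class LaunchGate:
    """Tool-side bookkeeping that ties each launch POST to a prior OIDC login."""

    def __init__(self):
        self._pending = {}  # state -> (nonce, target_link_uri)

    def start_login(self, target_link_uri):
        """Phase 1 (OIDC login): issue the state and nonce sent to the platform."""
        state = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(32)
        self._pending[state] = (nonce, target_link_uri)
        return state, nonce

    def accept_launch(self, request_url, form, cookie_state):
        """Phase 2: return (ok, reason) for a POST claiming to be a launch."""
        if request_url != REDIRECT_URI:
            return False, "POST not sent to the registered redirect endpoint"
        state = form.get("state")
        if not state or "id_token" not in form:
            return False, "missing state or id_token, no OIDC login preceded it"
        if not cookie_state or not hmac.compare_digest(state, cookie_state):
            return False, "state does not match this browser session"
        if self._pending.pop(state, None) is None:  # each state is single use
            return False, "unknown or replayed state"
        return True, "ok"


def demo():
    gate = LaunchGate()
    state, _nonce = gate.start_login(RESOURCE_URI)
    good = {"state": state, "id_token": "<constructed placeholder JWT>"}
    return [
        # Reported iOS behaviour: one POST straight to the resource URI.
        gate.accept_launch(RESOURCE_URI, {"field": "constructed"}, None)[0],
        # Expected flow: POST to the redirect endpoint after the OIDC login.
        gate.accept_launch(REDIRECT_URI, good, state)[0],
        # The same state presented a second time is refused.
        gate.accept_launch(REDIRECT_URI, good, state)[0],
    ]  # [False, True, False]
```
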