  1. Moodle app
  2. MOBILE-3706

iOS Native app not processing LTI 1.3 launch correctly

Details

    • MOODLE_39_STABLE
    • Moodle App 3.9.5

    Description

      When I create an LTI 1.3 resource and launch it, it is supposed to go through several distinct phases:

      1. OIDC Login
      2. Post to a resource URI to the pre-registered redirect endpoint

      And this works fine in the browser and the Android app.

      However, in the iOS app (3.9.4) running against the server (moodlecloud LTS 3.9.2), the app only issues a single POST directly to the resource URI, which is incorrect. The POST should be to the redirect endpoint; however, it is also skipping the OIDC login flow.

      Because the flow is skipping the OIDC flow, it is potentially posting sensitive data out to an unknown endpoint, so I am labeling this a 'serious security issue'.
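
Added example, not part of the original report and not Moodle or tool vendor code: a tool-side gate that accepts a launch POST only when it arrives at the registered redirect endpoint carrying a `state` issued during a prior OIDC login, so a single direct POST to the resource URI, as described in the report, is refused. The URLs, client ID and the `LaunchGate` and `state_from` names are constructed for illustration, and id_token signature verification is assumed to happen after this check.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for illustration; none come from the issue report.
REDIRECT_URI = "https://tool.example/lti/redirect"   # pre-registered redirect endpoint
PLATFORM_AUTH = "https://platform.example/auth"      # platform OIDC auth endpoint
CLIENT_ID = "constructed-client-id"


class LaunchGate:
    """Tracks OIDC logins so that phase 2 is only accepted after phase 1."""

    def __init__(self):
        self._pending = {}  # state -> nonce, one entry per login in flight

    def oidc_login(self, params):
        """Phase 1: handle the platform's login initiation, return the redirect URL."""
        missing = [k for k in ("iss", "login_hint", "target_link_uri") if k not in params]
        if missing:
            raise ValueError(f"login initiation missing {missing}")
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self._pending[state] = nonce
        query = {
            "scope": "openid", "response_type": "id_token",
            "response_mode": "form_post", "prompt": "none",
            "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
            "login_hint": params["login_hint"], "state": state, "nonce": nonce,
        }
        if "lti_message_hint" in params:
            query["lti_message_hint"] = params["lti_message_hint"]
        return f"{PLATFORM_AUTH}?{urlencode(query)}"

    def check_launch_post(self, url, form):
        """Phase 2: return (accepted, detail) for an incoming launch POST."""
        if url != REDIRECT_URI:
            return False, "POST was not sent to the registered redirect endpoint"
        nonce = self._pending.pop(form.get("state"), None)  # state is single use
        if nonce is None:
            return False, "no OIDC login matches this state"
        if not form.get("id_token"):
            return False, "id_token missing"
        # Caller must still verify the id_token signature and compare its nonce claim.
        return True, nonce


def state_from(redirect_url):
    """Helper: extract the state the tool placed in its phase 1 redirect."""
    return parse_qs(urlparse(redirect_url).query)["state"][0]
```
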

            People

              Unassigned Unassigned
              peterfranza Peter Franza