The whole module has to support LTI 1.0/1.1 and LTI 1.3 authorizations.

Need to add support for the LTI 1.3 library. And need to add JWKS endpoint implementation.

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

evgen created an issue. See original summary.

evgen’s picture

Version: 8.x-1.x-dev » 8.x-1.6
kenianbei’s picture

Any plans on contributing time/code to this? I may also have some time to work on this in the next 3-6 months as we are looking at actually getting some outcomes integration. If yes we should coordinate...

evgen’s picture

I'm working on the patch and planning to push it very soon. I think it will be a starting point. I cover LTI 1.3 authorization and JWKS endpoint (keyset URL) in order to support Deep Linking and API calls.

evgen’s picture

Version: 8.x-1.6 » 2.0.0
Status: Active » Needs review
FileSize
258.86 KB
evgen’s picture

FileSize
258.86 KB

Grimreaper made their first commit to this issue’s fork.

Grimreaper’s picture

Testing this module and the patch because I need a LTI 1.3 integration.

Remaking patch from comment 6 because it was not applyable with Composer and creating a MR for easier review and rebase.

Grimreaper’s picture

Also with patch from comment 8, unable to apply.

I think it is because there are changes in composer.json and Drupal.org composer facade alters the composer.json.

So I had to change my project composer.json like this:

    "repositories": [
        {
            "type": "composer",
            "url": "https://packages.drupal.org/8"
        },
        {
            "type": "vcs",
            "url": "https://git.drupalcode.org/issue/lti_tool_provider-3202964.git"
        },
        {
            "type": "vcs",
            "url": "https://github.com/IMSGlobal/lti-1-3-php-library"
        }
    ],

   "require": {
        "drupal/lti_tool_provider": "dev-3202964-lti-1.3",

}

Grimreaper’s picture

Status: Needs review » Needs work
In YamlSymfony.php line 40:
                                                                                                         
  Unexpected end of line, expected one of ",]" at line 9 (near "    '@lti_tool_provider.lti_service'"). 
Grimreaper’s picture

Status: Needs work » Needs review
kenianbei’s picture

@Grimreaper Thanks for doing all this work, I'm looking at it this week. I've been able to debug it to get through most of 1.3 login, however I'm having some issues with login validation. Have you been able to use your version to complete authentication with an LMS (I'm using Moodle to test)?

I was able to authenticate actually, I had some issues with docker DNS...

kenianbei’s picture

Some other thoughts:

Did you look at this LTI library (lib-lti1p3-core) at all?

According to this issue they don't recommend using their library for anything other than development and testing. They recommended the lib-lti1p3-core instead. It's much more actively developed.

Do you have any problems with switching to using that one?

Grimreaper’s picture

Hello @kenianbei,

The project I am using/testing this module is currently in stand by.

I didn't saw the comment about using IMSGlobal/lti-1-3-php-library for testing, but yes, if a more maintained library is available, it would be better. I currently have no more feedback to provide.

For testing, until now my client asked me to use https://saltire.lti.app/. So I coupled it with ngrok to have my local website accessible to this testing tool.

kenianbei’s picture

Thanks, ngrok is a good idea. I ended up just using nginx docker as a reverse proxy w/ self-signed certs. I was able to go through the full LTI authentication process and test all the submodules and everything is working.

I'm spending this week working on this, I will see how easy it is to get lib-lti1p3-core working. Once I convert everything to the other library I will put the patch out here so you guys can test it and then hopefully get something committed soon. After this I will be working on the gradebook service.

Grimreaper’s picture

Hello,

I am back on the project using lt_tooli_provider.

I am now testing an integration with https://www.blackboard.com/ and I encountered the following problem, Initial request sent by Blackboard is a GET request and current codebase is expecting a POST request.

I have hacked the code to get something working, now I will update the MR properly.

I also encountered other problems that I will document.

kenianbei’s picture

Hey, you might want to wait to do any more work, I've done a bunch rewrites to integrate the other library. I will post a patch this week.

kenianbei’s picture

I've updated the issue branch to use the new oat library + did a bunch of cleanup. I've gotten launch and all the submodule functionality working. However I added the key module to manage encryption keys, so you'll need to reconfigure your consumer to use that. You need both a public and private key, which you can generate here for convenience: https://lti-ri.imsglobal.org/keygen/index

Let me know if you have any problems getting the this commit to run.

Grimreaper’s picture

Hello,

Thanks for the update, I have posted my review comments. I think I will uninstall and then reinstall the module. I don't have the time to test the update path.

Grimreaper’s picture

Cannot generate message token: Cannot build token: It was not possible to parse your key, reason: error:0909006C:PEM routines:get_name:no start line

With keys in configuration it does not work (or maybe I had to add some \n\r characters?).

With keys as file it is ok.

And now I have:

The website encountered an unexpected error. Please try again later.
Error: Class 'Symfony\Contracts\EventDispatcher\Event' not found in require() (line 7 of modules/contrib/lti_tool_provider/src/LtiToolProviderEvent.php).

As expected in https://git.drupalcode.org/project/lti_tool_provider/-/merge_requests/1#..., now the module requires Drupal 9, no more compatible with Drupal 8...

Grimreaper’s picture

You have requested a non-existent service "password_generator".

Change record: https://www.drupal.org/node/3153113

Another thing breaking D8 compatibility.

I think I will make a new branch on the fork to downgrade some parts.

Grimreaper’s picture

I am sorry but I am struggling to get stuff working again like it was working yesterday.

I have to create a dedicated branch in the fork for the requirements for my project, also for D8 compatibility I would have to do that anyway.

When I test on https://saltire.lti.app/platform, I have authentication problem because it seems that there is a problem to get the 'lti_tool_provider_context' from the session.

And when I test with Blackboard, even after putting back the code changes to handle GET requests, I have a problem because of the format of the keys provided by Blackboard which is not a PEM format. With the oat-sa/lib-lti1p3-core library now it seems that this format is enforced.

kenianbei’s picture

Sorry, I actually forgot my docker was using D9. I will switch to D8 and test later this week.

kenianbei’s picture

Added D8 compatibility fixes.

Also I was able to use configuration based keys by adding \n to text file.

For blackboard, what format is the certs retreived at the keyset url? can you give me a link? There is an option in the registration interface to provide actual keys for the platform, right now it's just using the keyset url. We could add an option to provide those via the key module in the consumer entity, similar to how I added the private/public key pairs for the tool.

Grimreaper’s picture

Hello @kenianbei,

Thanks for the update, but I will stay on the branch https://git.drupalcode.org/issue/lti_tool_provider-3202964/-/tree/320296... because I don't have enough time to test it again I have to move forward because of deadlines in may.

I hope that after the deadline I will my client wanting to use the branch with the up-to-date PHP library and your optimizations.

On Blackboard (If I understand the config correctly):
- private key looks like: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (an UUID)
- public key looks like: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxx (one line)

I don't think the option is needed (thanks for the suggestion). As I am discovering LTI protocol I don't know if the spec is correctly implemented in any parties.

Grimreaper’s picture

Hello,

I am back on this subject :)

I tried on a fresh standard Drupal (9) install from the 3202964-lti-1.3 branch of the fork, to avoid potential side effects from the website I am working on.

And now with https://saltire.lti.app/platform it works. I don't have the problem to get the 'lti_tool_provider_context' from the session. So maybe it was updating the patch from existing config that broke something.

Anyway, I will try on this fresh instance with Blackboard.

Grimreaper’s picture

For the record, here is https://saltire.lti.app/platform config I used.

Grimreaper’s picture

With Blackboard I still have the problem of key validation.

In vendor/lcobucci/jwt/src/Signer/OpenSSL.php::validateKey it is not valid.

I gave a look to the library and I don't see means to disable validation or override stuff.

I tried https://github.com/acodercat/php-jwk-to-pem to convert JWT key into pem, I can for the public key but not the private one, as it is more a "secret" than a private key.

I will try to get in touch with Blackboard to see if possible to get PEM keys.

Grimreaper’s picture

Hello,

I had been to talk with a Blackboard developer lead. The thing I didn't understand was that the RSA key had to be generated by me, Drupal side.

So I used one provided by Saltire and then it also worked with Blackboard!!!

I can switch back to the main branch of this MR.

kenianbei’s picture

Good news. I have only tested on Moodle so far but I will test on Canvas in the next week or so. I think we can merge this sooner than later and deal with actual LTI compliance and deep linking later on.

Grimreaper’s picture

Hello,

Ok :)

I think the update path still needs some work.

I checked all my review comments to close some but there are some remaining.

Grimreaper’s picture

Hello @kenianbei,

I don't know if you have time for that but would it be possible to have some feedbacks on my review comments please?

Especially https://git.drupalcode.org/project/lti_tool_provider/-/merge_requests/1#...

Thanks for any reply

Grimreaper’s picture

I found problems with LTI1.3 jwks endpoint, I will post feedbacks in the afternoon.

Grimreaper’s picture

I fixed (at least in my case) the JWKS endpoint, if you can test.

kenianbei’s picture

Will test at some point this week...

kenianbei’s picture

I did some cleanup and also changed the jwks route to prefix p1v3, now it's '/lti/v1p3/jwks'. I also tested the jkws service using Moodle and was able to make service requests. oat-sa actually has some good libraries for service calls, like lib-lti1p3-nrps.

I'm going to test out migration this week, as well as adding an automatic configuration endpoint.

kenianbei’s picture

Oh yeah, let me know if I've missed any of your questions from the MR...

kenianbei’s picture

Upgrade path seems to be working for me now. Pls test if you can, otherwise I think I will merge this.

kenianbei’s picture

Status: Needs review » Fixed

I've pushed out a release for this.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Grimreaper’s picture

Hi,

Thanks for the merge and sorry for the reply delay. I was in sick leave for 2 months.

I will update on my client project when development will be back on track.

Regards,

kenianbei’s picture

No problem. You might want to check out the lti_tool_provider_content submodule I added. It adds basic deep linking for content selection. I've tested it on Moodle and Canvas. It also allows you to alter where you select the content if you want to build a custom form for selecting an entity (My site uses React as a front-end so I do the selection on the client-side then send to the return route).

Also I will be working on a 1.3 version of gradebook integration the next few months so I'll post when I have something there. If you plan on using that or want to collaborate I'll open an issue for a fork.

Grimreaper’s picture

Thanks for the reply :).

The project is currently in stand by for some months so I will check it this moment.

I don't think I will need the gradebook feature, thanks for the proposition.