Closed bvds closed 2 years ago
Wondering this as well. It seems to me like token.platformInfo.guid
is directly from the standard but not clear how to get this either from my platform (Canvas) or from ltijs programatically.
Meanwhile token.platformId
looks to be how the platforms are actually identified within an ltijs Provider (see e.g. Provider.getPlatformById). Interestingly platformId is persistent across launches even when wiping the database. So it must be constructed from something.
My mistake, platformId does not persist database wipes! Some reading of the code found that it is simply randomly generated and is the same as what is called platform key id, or "kid".
platformId prop is added in Auth.verifyToken:
// Adding clientId and platformId information to token
verified.clientId = await platform.platformClientId()
verified.platformId = await platform.platformKid()
Platform constructor describes the parameter kid:
* @param {string} kid - Key id for local keypair used to sign messages to this platform.
registerPlatform gets the value which is passed to Platform constructor:
kid = await Auth.generatePlatformKeyPair(_ENCRYPTIONKEY, _Database, platform.url, platform.clientId)
And finally we get to the start where kid is generated in Auth.generatePlatformKeyPair:
let kid = crypto.randomBytes(16).toString('hex')
...
return kid
Thanks! That answers my question.
Thanks @ernstwi for helping answer this question! You are correct, token.platformInfo.guid
comes from the ID token and it's the ID provided by the platform itself while token.platformId
is the ID generated by ltijs.
I'll be closing this issue now as it seems the question was answered.
I need to know the name and a unique id for the Platform associated with an LTI auth token. I see that
token.platformInfo.name
provides the name. However, I see bothtoken.platformInfo.guid
andplatformId
as candidates for the id. Which should I use? What is the difference between the two?