[Question] Id for a platform

[bvds]

I need to know the name and a unique id for the Platform associated with an LTI auth token. I see that token.platformInfo.name provides the name. However, I see both token.platformInfo.guid and platformId as candidates for the id. Which should I use? What is the difference between the two?

[ernstwi]

Wondering this as well. It seems to me like token.platformInfo.guid is directly from the standard but not clear how to get this either from my platform (Canvas) or from ltijs programatically.

Meanwhile token.platformId looks to be how the platforms are actually identified within an ltijs Provider (see e.g. Provider.getPlatformById). Interestingly platformId is persistent across launches even when wiping the database. So it must be constructed from something.

[ernstwi]

My mistake, platformId does not persist database wipes! Some reading of the code found that it is simply randomly generated and is the same as what is called platform key id, or "kid".

---

platformId prop is added in Auth.verifyToken:

// Adding clientId and platformId information to token
verified.clientId = await platform.platformClientId()
verified.platformId = await platform.platformKid()

Platform constructor describes the parameter kid:

 * @param {string} kid - Key id for local keypair used to sign messages to this platform.

registerPlatform gets the value which is passed to Platform constructor:

kid = await Auth.generatePlatformKeyPair(_ENCRYPTIONKEY, _Database, platform.url, platform.clientId)

And finally we get to the start where kid is generated in Auth.generatePlatformKeyPair:

let kid = crypto.randomBytes(16).toString('hex')
...
return kid

[bvds]

Thanks! That answers my question.

[Cvmcosta]

Thanks @ernstwi for helping answer this question! You are correct, token.platformInfo.guid comes from the ID token and it's the ID provided by the platform itself while token.platformId is the ID generated by ltijs.

I'll be closing this issue now as it seems the question was answered.