Cvmcosta / ltijs

Turn your application into a fully integratable LTI 1.3 tool provider.
https://cvmcosta.github.io/ltijs/
Apache License 2.0

Dynamic Registration erroring out in Moodle #163

Closed dmolin closed 2 years ago

dmolin commented 2 years ago

I'm having a hard time setting up Dynamic registration with Moodle.

This is what my dynamic registration section looks like in my lti.setup() call:

```js
lti.setup({...}, {
    ...
    dynRegRoute: "/register",
    dynReg: {
      url: `http://192.168.1.25:3000/ltitool`,
      name: "Simulation games",
      description: "Simulation games",
      redirectUris: ["http://192.168.1.25:3000/ltitool/launch"],
      autoActivate: true
    }
})
```

When I try to configure my tool in Moodle via dynamic registration (http://192.168.1.25:3000/ltitool/register) I get a 500 error response with this JSON output:

```json
{
  "status": 500,
  "error": "Internal Server Error",
  "details": {
    "message": "Response code 401 (Unauthorized)"
  }
}
```

Everything else works perfectly; it's just dynamic registration that doesn't seem to be working. I can see Moodle contacting my tool address with the correct parameters it seems:

http://192.168.1.25:3000/ltitool/register?openid_configuration=http%3A%2F%2F192.168.1.239%2Fmod%2Flti%2Fopenid-configuration.php&registration_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImIxMWE0M2Y0Yjg4MGUwYWI2YWU5In0.eyJzdWIiOiJyNXZJUXNac0lORm9nQVAiLCJzY29wZSI6InJlZyIsImlhdCI6MTY2MzMxOTgzNSwiZXhwIjoxNjYzMzIzNDM1fQ.SNfqqcOLuDYqU-KGuWfOSBWmVPNnApjZincjpJUZ_gKYjiOeJ9yPcMmUYTTcHvpPSNm3U3K8OR3cBjuRblxWZE1brf9qiP8vBHbZF-U1qCJEl1p5BJiRCBBpEE3aoU-gvGk36yPU5l9j4D-84ZZGlqe51I9CXx2EiDfe4Ppr7pS4DHI6ogLL6jo2LIfCTYsYCX2NgmO1EQHz-NdtSvBZVA_h7Tw9K-kvoHeLrYqw-32tMSiVD6GKVvXNr0wMTFxuybgycDIsbwSbgxZi2ehy4m1DLQzHaXNQ8g6kuEfhxtHY6dgZv9raFsHAih5sHIsnQiZ-B5noN1YgWjFeCLu8Og

But LTIJS always errors out with the same response. Maybe I'm missing some config option here? Any help would be greatly appreciated 😄


dmolin commented 2 years ago

@johnnyoshika you told me once you're using Dynamic registration with Moodle in your code without issues; do you see anything out of place in my setup code?

dmolin commented 2 years ago

@Cvmcosta the error seems to be happening here, in DynamicRegistration.js:

```js
const registrationResponse = await got.post(configuration.registration_endpoint, {
  json: registration,
  headers: registrationToken ? { Authorization: 'Bearer ' + registrationToken } : undefined
}).json()
```

The call errors out with the 401 error. From what I can see, it seems the post contains all the required data (here is a brief dump):

```js
{
  json: {
    application_type: 'web',
    response_types: [ 'id_token' ],
    grant_types: [ 'implicit', 'client_credentials' ],
    initiate_login_uri: 'http://192.168.1.25:3000/ltitool/login',
    redirect_uris: [
      'http://192.168.1.25:3000/ltitool/launch',
      'http://192.168.1.25:3000/ltitool/launch'
    ],
    client_name: 'Simulation Games',
    jwks_uri: 'http://192.168.1.25:3000/ltitool/keys',
    logo_uri: undefined,
    token_endpoint_auth_method: 'private_key_jwt',
    scope: 'https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly https://purl.imsglobal.org/spec/lti-ags/scope/lineitem https://purl.imsglobal.org/spec/lti-ags/scope/score https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly',
    'https://purl.imsglobal.org/spec/lti-tool-configuration': {
      domain: '192.168.1.25:3000',
      description: 'Simulation Games',
      target_link_uri: 'http://192.168.1.25:3000/ltitool/launch',
      custom_parameters: {},
      claims: [Array],
      messages: [Array]
    }
  },
  headers: {
    Authorization: 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImIxMWE0M2Y0Yjg4MGUwYWI2YWU5In0.eyJzdWIiOiIxcjNnSm1CbzFFUnR3emwiLCJzY29wZSI6InJlZyIsImlhdCI6MTY2MzMyNzg3NCwiZXhwIjoxNjYzMzMxNDc0fQ.Mpjmd0pSubqjfI1MU2qXB7loav_tmmq-PsQ6ssdJxYnTy_vVs-R13DvaHW4Wt7NmQ1jgW3lNH_VCpF_A2ha8DSg6z_AFHOhTG1ntUJqaEgILisgUzEo3PNSz07oK0HlzTiiZsmOewO2aKGupK8d0uasczJi_SKGmtVMVs-2uIfQ58sJDMGjCa_BRnfioiDPa39cx40T4bVd9OWERDeSH-6PteZy9rLJn4pzj_Y_fdkGR2oHMOGrPvW6IIfMMpuyIIEIoD68VyGaY9wiIjIJeU_P4RrrvQbdEP4aoZubh6hzeUibT_lBW-5J-72zoKNpBFScpktsgJwshx77pHdT0_A'
  }
}
```

The JWT sent back is exactly the same one received from Moodle in the /ltitool/register call so all seems fine there.

So, as far as I can see the error seems to be happening somewhere inside of the mod/lti/openid-registration.php file in Moodle

dmolin commented 2 years ago

@Cvmcosta I tried to add some logging to /lti/openid-registration.php and it looks like $authheader is empty. This, despite being provided by ltijs in the got.post() call it looks like.

I also tried testing a post via Postman, providing the Authorization header and it still doesn't show up in Moodle if I do a printout of the apache_request_headers() function output:

image

dmolin commented 2 years ago

Solved. It seems dynamic registration only works when both Moodle and the tool are running over https, so it was a false alarm!

Before closing this issue @Cvmcosta though I've a question: when configuring a tool manually in Moodle I can choose things like "Default launch container (embed, existing window, new window)" and set Privacy settings... is there a way to pre-set all that stuff when doing dynamic registration?
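A pre-flight check for the situation resolved above, as an added example that is not part of the original thread and is not ltijs code: it inspects the request the platform sends to the tool's dynRegRoute, flags any URL in the exchange that is not https, and reports an expired registration token. The function names `decodeJwtPayload` and `preflightDynReg` are hypothetical, and the hosts and token are constructed sample data.

```javascript
// Decode a JWT payload WITHOUT verifying its signature. Diagnostics only: the
// platform is the party that validates this token. Returns null when the value
// is not a JWT, since a registration token may be opaque to the tool.
function decodeJwtPayload (token) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return null
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'))
  } catch (err) {
    return null
  }
}

// registerUrl: full URL the platform requested on the tool's dynRegRoute.
// dynReg: the dynReg object passed to lti.setup(). nowSeconds: current Unix time.
function preflightDynReg (registerUrl, dynReg, nowSeconds) {
  const findings = []
  const params = new URL(registerUrl).searchParams
  const openidConfiguration = params.get('openid_configuration')
  const token = params.get('registration_token')

  if (!openidConfiguration) findings.push('openid_configuration parameter is missing')
  if (!token) findings.push('registration_token parameter is missing')

  // The thread's fix: platform and tool both had to be served over https.
  const urls = [['register request', registerUrl], ['openid_configuration', openidConfiguration],
    ['dynReg.url', dynReg.url], ...dynReg.redirectUris.map(u => ['redirect URI', u])]
  for (const [label, value] of urls) {
    if (value && new URL(value).protocol !== 'https:') findings.push(`${label} is not https: ${value}`)
  }

  const claims = token ? decodeJwtPayload(token) : null
  if (claims && typeof claims.exp === 'number' && claims.exp <= nowSeconds) {
    findings.push(`registration_token expired ${nowSeconds - claims.exp}s ago`)
  }
  return findings
}

// Constructed sample data (hypothetical hosts, unsigned token with a fake signature).
const b64url = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
const sampleToken = [b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ sub: 'constructed', iat: 1000, exp: 4600 }), 'constructed-signature'].join('.')
const sampleRegisterUrl = 'http://tool.example:3000/ltitool/register?openid_configuration=' +
  encodeURIComponent('http://lms.example/mod/lti/openid-configuration.php') +
  '&registration_token=' + sampleToken
const sampleDynReg = { url: 'http://tool.example:3000/ltitool', redirectUris: ['http://tool.example:3000/ltitool/launch'] }

console.log(preflightDynReg(sampleRegisterUrl, sampleDynReg, 5000))
```

An empty array means none of these checks fired; it does not prove the platform will accept the registration.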

Cvmcosta commented 2 years ago

@dmolin There's nothing in the spec regarding the launch container, sadly. Regarding privacy settings, the closest we have is the claims field.

> An array of claims indicating which information this tool desire to be included in each idtoken.
> The tool should be explicit about identity claims such as sub, given_name, ... It should omit LTI claims
> when the inclusion of those is driven by the message definition.

Ltijs is currently requesting that the LMS return every claim it's allowed to (`claims: configuration.claims_supported`); there's no way to customize this at the moment.

dmolin commented 2 years ago

Thanks for letting me know @Cvmcosta; I actually noticed that just by using Ltijs I seem to get all the right values in the Privacy section, so that's already something! Thanks again for your fantastic work, it's really making the life of many developers much easier!

Cvmcosta commented 2 years ago

@dmolin Thank you! Really happy to help!!