aws-samples / enable-lti

https://aws-samples.github.io/enable-lti/
Apache License 2.0

Use with Moodle #15

Open szecsi opened 1 year ago

szecsi commented 1 year ago

I am trying to get eLTI to work with Moodle.

I have followed the steps in the "Implementation" section of the documentation and managed to deploy eLTI, without changes in code, to my AWS account. Setup and integration tests succeed.

Now I am trying to do the "Out-of-band registration" from the "Architecture" section. The URL to pass to Moodle for LTI Advantage registration, I believe, is what I see in API Gateway / LTIConfig / Stages, something like: https://.execute-api.eu-central-1.amazonaws.com/prod/tool

This fails with {"message":"Missing Authentication Token"}. I have no idea how to address this.

I also tried manual registration, with the following settings:

- Tool URL: https://.execute-api.eu-central-1.amazonaws.com/prod/tool
- Public keyset: https://.execute-api.eu-central-1.amazonaws.com/prod/jwks.json
- Initiate login URL: https://.execute-api.eu-central-1.amazonaws.com/prod/login
- Redirection URI(s): https://.execute-api.eu-central-1.amazonaws.com/prod/authorizerProxy

with the latter ones only being wild guesses, admittedly. This allows me to create an activity on Moodle, and when launching it I get {"error":"No PlatformConfig record found for PLATFORM#K3xsVRt2SFeFIJP#http://my.moodle.server#1."}

I see that this results from a DynamoDB lookup from a table that only has entries for lms-integ-test.com. I suspect some entry for Moodle should be added to this table, but probably not manually.

I would of course prefer the automatic registration to work. Additionally, I believe it would be helpful if an example Tool using eLTI would be available, as I have little idea how that should be implemented. Any guidance or references to documentation would be appreciated.

Also, is it possible to request assistance as part of the support included with my AWS account, and if yes, what service should I indicate on the support request form?

Thank you very much!

szecsi commented 1 year ago

I have made quite some progress. I am using AWS Cognito as the Tool OIDC, and registered eLTI as an identity provider there. The current issue is with the "Add an Identity provider" in Cognito. It expects a Provider URL (Specify the secure OpenID Connect URL for authentication requests.), which I would expect should be https://xxxxxxxxxxxxx.execute-api.eu-central-1.amazonaws.com/prod/authorizerProxy

eLTI does not expose .well-known/openid-configuration. If I add it as a resource with a Mock mapping returning a handcrafted JSON, I can add the Identity Provider properly, but I only managed to add such a resource as https://xxxxxxxxxxxxx.execute-api.eu-central-1.amazonaws.com/prod/.well-known/openid-configuration, not https://xxxxxxxxxxxxx.execute-api.eu-central-1.amazonaws.com/prod/authorizerProxy/.well-known/openid-configuration. In the former case, Cognito redirects to prod, which does not exist, resulting in {"message":"Missing Authentication Token"}.

The question is, how exactly can I register eLTI to Cognito.

szecsi commented 1 year ago

I have made some headway. The OpenID Connect Launch flow seems to run as expected to step 12, with eLTI's tokenProxy lambda executing successfully. However, the final tool redirect URL is called by Cognito passing the error message error_description=invalid_token_signature%3A+Could+not+match+the+desired+key+identifier+within+the+list+of+keys

This indicates there is still a misconfiguration somewhere. As the documentation only says "eLTI Admin adds Tool and Tool OIDC information to eLTI via Configuration API.", but the API takes an otherwise opaque "data" parameter, I reverse engineered the supposed contents from the DB entry TOOL#integ-test-client-id#https://lms-integ-test.com.

Where should I be looking for a configuration error?
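A diagnostic for the "could not match the desired key identifier" error above, written as an added example that is not part of eLTI or of this thread: it decodes the JOSE header of the token and checks its `kid` against a constructed JWKS shaped like the tool's /jwks.json. The key material, kid values and issuer are placeholders, not values from the project.

```python
import base64
import json

# Constructed sample JWKS, shaped like the /jwks.json an LTI tool publishes.
# The modulus is a placeholder, not a real RSA key.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "kid": "elti-key-2023-01", "use": "sig", "alg": "RS256",
         "n": "placeholder-modulus", "e": "AQAB"}
    ]
}


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    # Restore the '=' padding that compact JWTs strip.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(header: dict) -> str:
    """Constructed compact JWT with the given header; the signature segment is left
    empty because only the header is inspected here."""
    return f"{_b64url_encode(header)}.{_b64url_encode({'iss': 'https://tool.example'})}."


def jwt_header(token: str) -> dict:
    """Return the JOSE header of a compact JWT without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    return json.loads(_b64url_decode(parts[0]))


def check_kid_against_jwks(token: str, jwks: dict) -> dict:
    """Explain whether the token's kid resolves to a usable key in the keyset.
    This is the precondition behind the Cognito error: the kid in the header must
    appear in the JWKS served from the provider URL, as a signing key with a
    matching alg."""
    header = jwt_header(token)
    keys = jwks.get("keys", [])
    available = [k.get("kid") for k in keys]
    kid = header.get("kid")
    if kid is None:
        return {"ok": False, "reason": "token header carries no kid", "available": available}
    match = next((k for k in keys if k.get("kid") == kid), None)
    if match is None:
        return {"ok": False, "reason": f"kid {kid!r} not in JWKS", "available": available}
    if match.get("use", "sig") != "sig":
        return {"ok": False, "reason": "matched key is not a signing key", "available": available}
    if "alg" in match and match["alg"] != header.get("alg"):
        return {"ok": False, "reason": "alg mismatch between header and key", "available": available}
    return {"ok": True, "reason": "kid matched", "available": available}
```

Run it against the real token from the failing redirect and the live /jwks.json to see which kid the token carries and which kids the keyset actually publishes.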

ohde commented 1 year ago

@szecsi Thank you for your interest and questions. The steps outlined in the additional documentation in #16 will address the gaps that you mentioned above. If you have questions after walking through the documentation, let me know and I will clarify. After you get it configured with Moodle successfully, if you are interested in contributing, it would be great to see the documentation expanded to include Moodle!