celtic-project / LTI-PHP

PHP class library for building LTI integrations
GNU Lesser General Public License v3.0

Trouble with testing as a tool against test platforms #24

Closed achurch0607 closed 2 years ago

achurch0607 commented 2 years ago

I am attempting to use this library for our tool. We used the older version of this library for LTI 1.1 and are hoping to use this for LTI Advantage. It works when testing against https://saltire.lti.app/platform. When testing against https://lti-ri.imsglobal.org/ it fails the OIDC check. When testing using Moodle as a platform I get "An error occurred when launching the external tool:Debug error: JWT signature check failed - perhaps an invalid public key or timestamp"

I have tried the example tool and can get it to launch in https://saltire.lti.app/platform but it will not launch in https://lti-ri.imsglobal.org/

Has anybody used this library to test against a platform here with any success? https://lti-ri.imsglobal.org/

I am hoping to find a little support for this library to get me through this roadblock.

spvickers commented 2 years ago

I have used this library for a number of different tools, including https://saltire.lti.app/tool, and not encountered any issues. Were you using a PEM-formatted public key or a URL to a public key endpoint? If the former, try using the latest release (4.6.4) which fixed an issue with the update to the latest JWT library.

spvickers commented 2 years ago

I have tried using https://lti-ri.imsglobal.org/ as a platform to launch to https://saltire.lti.app/tool as the tool, but currently after the OIDC exchange the platform is sending a message without including the state parameter so it is rejected. This looks like a bug with https://lti-ri.imsglobal.org/ but I'll continue to explore this. Have you tried using any other platforms such as Moodle, Canvas, Blackboard or Brightspace?

achurch0607 commented 2 years ago

Thank you for the response. I am using a URL to a public key endpoint. I have tested in Moodle and receive the following error: "signature check failed - perhaps an invalid public key or timestamp"

spvickers commented 2 years ago

I have explored the IMS reference implementation further and it appears that it only supports authentication requests sent using HTTP GET requests. The spec allows GET or POST to be used and this library uses POST. When I changed this to use GET, the launch from the reference implementation was successful with the saLTIre tool.

As for your issue when launching from Moodle, have you set the logging level to debug and inspected the requests being received and sent by your tool? Have you checked the time set on your server?
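
Added example, not part of the original thread and not LTI-PHP code: a stand-alone PHP helper that triages the two causes named in the Moodle error ("invalid public key or timestamp") by checking a JWT's `kid` against a published key set and its `iat`/`exp` against the local clock. The function names, the 60-second skew allowance and the sample token and key set are assumptions constructed for illustration.

```php
<?php
// Added diagnostic sketch, not LTI-PHP code. It does not verify the signature;
// it only separates "wrong key" from "wrong clock" before deeper debugging.

function b64url_json(string $segment): ?array
{
    $b64 = strtr($segment, '-_', '+/');
    $raw = base64_decode(str_pad($b64, strlen($b64) + (4 - strlen($b64) % 4) % 4, '='), true);
    $data = $raw === false ? null : json_decode($raw, true);
    return is_array($data) ? $data : null;
}

function triage_jwt(string $jwt, array $jwks, int $now, int $skew = 60): array
{
    $parts = explode('.', $jwt);
    $header = count($parts) === 3 ? b64url_json($parts[0]) : null;
    $claims = count($parts) === 3 ? b64url_json($parts[1]) : null;
    if ($header === null || $claims === null) {
        return ['malformed: expected base64url header.payload.signature'];
    }
    $findings = [];
    // Key side: a verifier reading a key set URL picks the key whose kid matches.
    $kids = array_column($jwks['keys'] ?? [], 'kid');
    if (!isset($header['kid'])) {
        $findings[] = 'key: JWT header carries no kid';
    } elseif (!in_array($header['kid'], $kids, true)) {
        $findings[] = "key: kid '{$header['kid']}' is not in the published key set";
    }
    // Clock side: iat ahead of the verifier, or exp already behind it.
    if (!isset($claims['iat'], $claims['exp'])) {
        $findings[] = 'time: iat or exp claim missing';
    } elseif ($claims['iat'] > $now + $skew) {
        $findings[] = 'time: iat is ' . ($claims['iat'] - $now) . 's in the future';
    } elseif ($claims['exp'] < $now - $skew) {
        $findings[] = 'time: token expired ' . ($now - $claims['exp']) . 's ago';
    }
    return $findings ?: ['no key-id or timestamp problem found'];
}

// Constructed sample: signer's clock runs 10 minutes fast and the kid was rotated.
$enc = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$now = 1700000000;
$jwt = $enc(['alg' => 'RS256', 'kid' => 'old-key']) . '.'
     . $enc(['iat' => $now + 600, 'exp' => $now + 660]) . '.c2lnbmF0dXJl';
$jwks = ['keys' => [['kty' => 'RSA', 'kid' => 'new-key']]];
print_r(triage_jwt($jwt, $jwks, $now));
```

Run against a real capture, pass `time()` as `$now` and the decoded JSON from the tool's public key endpoint as `$jwks`; a clean result means the remaining suspect is the key material itself rather than its id or the clocks.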

achurch0607 commented 2 years ago

Thank you for your help. This should help get our tool working in the IMS reference implementation for additional testing. I will look into additional debugging for Moodle and checking the time on the servers.

spvickers commented 2 years ago

Good luck with your debugging. It is probably not of any use to you, but I have added a "Use GET for authentication request messages?" option to the saLTIre tool to allow users to override the use of POST when sending authentication requests to platforms. I am undecided about whether to add such an option to this library - I have never come across any other platforms which do not support POST requests to this endpoint. Support for both GET and POST is required by both the IMS LTI 1.3 spec and the OpenID Connect spec on which it is based.