wrong return url for database connection errors for ContentItemSelectionRequest launches

[scollovati]

If you simulate a database connection error (i.e. by setting $tool = new MyLtiLTI(null);) and you launch it with a message ContentItemSelectionRequest, the tools instead of doing a GET redirect to the launch_presentation_return_url it does a POST-form to content_item_return_url.

However, since the database is not working, the LMS returns an LTI/Oauth error, instead of the usual message displayed by the launch_presentation_return_url page.

[spvickers]

The launch_presentation_return_url parameter is not part of the Content-Item spec and so I would not expect this to be used when an error arises. The spec allows the error message to be returned as a POST parameter to the content_item_return_url (see section 3.4.1) so the current behaviour sounds correct to me, albeit it cannot be properly signed because of the database connection error. I would hope and expect a platform to display/log the messages included in the response anyway especially if it recognises the URL as a valid return address.

[scollovati]

Right, my fault. I checked the specs and it is stated

The response message must be signed unless the initial request included an accept_unsigned parameter with a value of true. Otherwise the TP may choose whether to sign the response message, or not. Messages are signed using OAuth ([OAuth, 10]) in the same way as LTI launch request messages ([LTI, 12]).