search

js-kyle / nodejs-lti-provider

A minimal LTI provider example using Node.js.
MIT License
25 stars 12 forks source link

Heroku gets empty session #6

Closed TiboDeMunck closed 3 years ago

TiboDeMunck commented 3 years ago

Works perfect when hosted locally but doesn't as deployed to Heroku. req.session only receives {"cookie":{"originalMaxAge":null,"expires":null,"httpOnly":true,"path":"/"}} and wont receive userId etc.

Am I missing a setting in Heroku or did I wrongly import the LTI in Instructure Canvas?

doldsimo commented 2 years ago

@TiboDeMunck did you found any solution?

TiboDeMunck commented 2 years ago

Bit too long ago to remember, I believe that in the end it did actually work but only when the lti had the setting to be opened in a seperate window. But it's too long ago and I should have posted my solution when I closed the issue.

doldsimo commented 2 years ago

For everybody else to fix the problem:

The problem was that the session variables are not passed by nodejs after redirect. So change the redirect statement in the /lti/index.js from:

req.session.email = provider.body.lis_person_contact_email_primary;
  req.session.contextId = provider.context_id;
  req.session.userId = provider.userId;
  req.session.username = provider.username;
  req.session.ltiConsumer = provider.body.tool_consumer_instance_guid;
  req.session.isTutor = provider.instructor === true;
  req.session.context_id = provider.context_id;

  return res.redirect(301, '/application');

to: 

return res.redirect(url.format({
  pathname:"/application",
  query: {
     email: provider.body.lis_person_contact_email_primary,
     contextId: provider.context_id,
     userId: provider.username,
     username: provider.username,
     ltiConsumer: provider.body.tool_consumer_instance_guid,
     isTutor: provider.instructor === true,
     context_id: provider.context_id
   }
}));

and get the variables in the app.js:

app.get('/application', (req, res, next) => {
  console.log(req.query);
  if (req.query.userId) {
    return res.render('index', {
      email: req.query.email,
      username: req.query.username,
      ltiConsumer: req.query.ltiConsumer,
      userId: req.query.userId,
      isTutor: req.query.isTutor,
      context_id: req.query.context_id
    })
  } else {
    next(new Error('Session invalid. Please login via LTI to use this application.'));
  }
});

hopefully it helps someone.