Documentation on validating launch request in Flask

[annatraussnig]

First of all, thanks a lot for this very useful library. I am building an LTI provider with Flask and I've been able to post back grades to the consumer without any difficulty! However I am struggling to figure out how to validate the incoming launch request from the provider. Is this library supporting that? If yes, how should I proceed? I simply need to validate the Oauth signature and the various LTI params. Let me know if you have any tips!

[ryanhiebert]

The example given in the readme that's marked for Django should be applicable to Flask as well, once you've created the provider instance.

# the tool provider uses the 'oauthlib' library which requires an instance
# of a validator class when doing the oauth request signature checking.
# see https://oauthlib.readthedocs.org/en/latest/oauth1/validator.html for
# info on how to create one
validator = RequestValidator()

# validate the oauth request signature
ok = tool_provider.is_valid_request(validator)

When you're writing your validator subclass, be sure to look at what methods and properties the SignatureOnlyEndpoint needs. That's what lti uses under the hood, so it's what you'll need to implement.

[annatraussnig]

Thanks! It took me a little while to get the hang of oauthlib (looking at your tests helped), but I got there eventually. A caveat in case others struggle with validating the request: both your consumer key and your consumer secret must be ASCII and between 20 and 30 characters long, otherwise the validation will fail.