Closed jonespm closed 1 year ago
@jonespm, do you want me to pick this up? Not sure what else is on your plate right now.
Yeah, go ahead if you have time, I was hoping to get to this tomorrow but focusing on MyLA issues today.
Tested with CAE Dev integration with Canvas Test server:
With Chrome developer tools, copy the payload from /launch call, and pasted it into jwt.io site, find the existence of deployment_id value: "https://purl.imsglobal.org/spec/lti/claim/deployment_id": "id_part_1:id_part_2".
Since the pyltilp3 will always send a deployment id, there is no need to fake the launch call to omit the deployment_id value. This PR has already placed a catch for the null value situation.
We failed the certification in MyLA because we allowed missing deployment ids. We could probably turn this on and validate it but if it's missing completely this should have an error and fail.
This will likely pull the similar fix over from MyLA https://github.com/tl-its-umich-edu/my-learning-analytics/issues/1396
https://github.com/tl-its-umich-edu/canvas-app-explorer/blob/559dd15ea7a5a5144a9243628dfc888ba5cf219c/backend/canvas_app_explorer/lti1p3.py#L33