All geek questions in one place

LTI launches authentication using Node.js

I created a simple hi-fi web application using the express.js framework.

I want the application to be compatible with IMS-LTI so that moodle and other learning management systems can run it as an external tool.

However, I do not understand how to authenticate LTI launch in my application (it uses oauth), and I cannot find express.js / node.js examples of how this is done. I see that there is a pass-lti node module ( https://www.npmjs.org/package/passport-lti ), but as a noob with node I just don't understand the sparse documentation.

I used the .js passport to create local authentication - using this video ( https://www.youtube.com/watch?v=twav6O53zIQ ), I was hoping for similar help for LTI triggering authentication ...

Any help is appreciated.

Cheers, Ollie

+6
source share
2 answers

When an LTI Tool user (such as LMS) launches an LTI application (tool provider), the LTI Tool sends an HTTP message.

To verify the authenticity of the publication, you need to verify that the post variable "oauth_signature" is valid by redistributing the signature locally using the shared secret key that you exchanged with the tool user when the LTI tool was configured.

The OAuth signature verification act is most likely handled by the OAuth library. Nodejs already have these, so please do not override them.

You can read the full process of checking the launch request in the IMS Global Documentation

+1
source

Just wanted to mention that I finished work on this example.

https://github.com/ripples/Present/blob/master/server/app.js#L35

passport.use('lti-strategy', new CustomStrategy( function(req, callback) { var val = (req.body) ? req.body : req.user try{ var provider = new lti.Provider(val , process.env.LTI_SECRET) if(req.user){ callback(null, val) } else{ provider.valid_request(req, function(err, isValid) { if(err){ console.log("LTI Error", err, isValid) } callback(err, val) }); } } catch(err){ console.log("Authenication error", err) callback(err, null) } } ))

I finished developing a custom passport strategy and used a different library for authentication.

https://github.com/omsmith/ims-lti

This is the new lti.Provider bit, the key is that it accepts a post req object for LTI to execute auth.

+1
source

Source: https://habr.com/ru/post/979179/

More articles:


All Articles