From 16e83058894e7515ce4ce9f4a068d8c45706c6fd Mon Sep 17 00:00:00 2001
From: Glenn Rice
Date: Tue, 27 Feb 2024 19:50:31 -0600
Subject: [PATCH] Add an `$LTI{v1p3}{OverrideSiteProtocolDomain}` LTI 1.3 configuration variable. This is similar to the same named LTI 1.1 configuration variable. It should be set to a URL, and the protocol and domain name in the URL replace the protocol and domain of the server as seen by the webwork2 app that is used for the issuer in the JWT sent to the LMS when requesting an access token for grade passback.
---
 conf/authen_LTI_1_3.conf.dist | 6 ++++++
 lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm | 12 +++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/conf/authen_LTI_1_3.conf.dist b/conf/authen_LTI_1_3.conf.dist
index 584d601a3a..743bdc772a 100644
--- a/conf/authen_LTI_1_3.conf.dist
+++ b/conf/authen_LTI_1_3.conf.dist
@@ -103,6 +103,12 @@ $LTI{v1p3}{AccessTokenURL} = '';
 $LTI{v1p3}{AccessTokenAUD} = '';
 $LTI{v1p3}{AuthReqURL} = '';
+# This allows you to declare the protocol and domain of the issuer used in the JWT that is sent
+# when an access token is requested for grade passback from the LMS. These will replace the
+# protocol and domain in the root url for this server.
+$LTI{v1p1}{OverrideSiteProtocolDomain} = '';
+#$LTI{v1p1}{OverrideSiteProtocolDomain} = 'https://vmwebwork42.myschool.edu';
+
 # In the process of LTI 1.3 authentication a request is sent to the LMS in response to its
 # request. State and nonce values are sent with this request, and those values must be verified
 # in the next response from the LMS. These values are saved in the database so that they will
diff --git a/lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm b/lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm
index f62e9b3629..00c881843b 100644
--- a/lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm
+++ b/lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm
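Review bot: Both added assignments in the conf/authen_LTI_1_3.conf.dist hunk use the `v1p1` key, while the commit subject names `$LTI{v1p3}{OverrideSiteProtocolDomain}` and the SubmitGrade.pm hunk reads `$ce->{LTI}{v1p3}{OverrideSiteProtocolDomain}`. An administrator who uncomments the sample line would leave the LTI 1.3 issuer unchanged, and would presumably set the same-named LTI 1.1 variable instead. The lines should read `$LTI{v1p3}{OverrideSiteProtocolDomain} = '';` and `#$LTI{v1p3}{OverrideSiteProtocolDomain} = 'https://vmwebwork42.myschool.edu';`. The comment could also say that the resulting issuer must match what the LMS has registered for this tool, since a mismatch in the `iss` claim would normally cause the token request to be rejected.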
@@ -134,11 +134,21 @@ async sub get_access_token ($self) {
 return;
 }
+ # The url of the request is used for the issuer by default. This
+ # can be overriden by the OverrideSiteProtocolDomain setting.
+ my $iss = $c->url_for('root')->to_abs;
+ if ($ce->{LTI}{v1p3}{OverrideSiteProtocolDomain}) {
+ my $override = Mojo::URL->new($ce->{LTI}{v1p3}{OverrideSiteProtocolDomain});
+ $iss->scheme($override->scheme);
+ $iss->host($override->host);
+ }
+ $c->log->info($iss);
+
 my $jwt = eval {
 encode_jwt(
 payload => {
 aud => $ce->{LTI}{v1p3}{AccessTokenAUD},
- iss => $c->url_for('root')->to_abs->to_string,
+ iss => $iss,
 sub => $ce->{LTI}{v1p3}{ClientID},
 jti => $private_key->{kid}
 },
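Review bot: The new payload line `iss => $iss,` hands `encode_jwt` a URL object, whereas the removed line passed `->to_string`. Unless the encoder stringifies blessed values, the claim may fail to serialise inside the `eval` or come out in an unexpected form, so `iss => $iss->to_string,` keeps the previous contract. The override block also copies `scheme` and `host` without checking that they were parsed. A setting written without a scheme would likely leave both undefined and produce a non-absolute issuer, so a guard such as `if ($override->scheme && $override->host)` with a warning in the other case would surface the misconfiguration. `$c->log->info($iss);` writes a bare URL with no context on every token request and looks like a debugging leftover; either drop it or use `$c->log->debug("LTI 1.3 access token JWT issuer: $iss");`. `get_access_token` begins and ends outside this hunk.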