Separate the LTI 1.3 access token audience and URL.
This adds a new LTI 1.3 authentication parameter named
`$LTI{v1p3}{AccessTokenAUD}`.  This is used for the audience (`aud`) in
the signed JWT that is sent when requesting an access token from the
LMS.  This access token is used for grade passback.

Previously the `$LTI{v1p3}{AccessTokenURL}` was used for both the
audience and the actual URL that the access token request containing the
signed JWT is sent to.  I suspect that the audience and the URL may not
be the same for all LMSs.  They are the same for Moodle.  These also
needed to be the same for testing on my local Canvas instance.  However,
@Alex-Jordan showed me some information from D2L that indicates these
are different there.  I suspect these may need to be different for
Canvas in production as well.
drgrice1 committed Mar 6, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 9dab72e commit fe03f91
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions conf/authen_LTI_1_3.conf.dist
@@ -100,6 +100,7 @@ $LTI{v1p3}{ClientID} = '';
$LTI{v1p3}{DeploymentID} = '';
$LTI{v1p3}{PublicKeysetURL} = '';
$LTI{v1p3}{AccessTokenURL} = '';
$LTI{v1p3}{AccessTokenAUD} = '';
$LTI{v1p3}{AuthReqURL} = '';

# In the process of LTI 1.3 authentication a request is sent to the LMS in response to its
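
Review bot: The new `$LTI{v1p3}{AccessTokenAUD} = '';` line is added with no comment explaining what it is for or how it differs from `$LTI{v1p3}{AccessTokenURL}` directly above it. An administrator reading this file cannot tell that it supplies the `aud` claim of the signed JWT sent in the access token request, or that for some LMSs (Moodle, per the commit message) it should simply repeat the access token URL. Please add a short comment next to the setting saying so, and note that leaving it empty sends an empty audience, which the LMS can be expected to reject.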
2 changes: 1 addition & 1 deletion lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm
@@ -138,7 +138,7 @@ async sub get_access_token ($self) {
my $jwt = eval {
encode_jwt(
payload => {
aud => $ce->{LTI}{v1p3}{AccessTokenURL},
aud => $ce->{LTI}{v1p3}{AccessTokenAUD},
iss => $c->url_for('root')->to_abs->to_string,
sub => $ce->{LTI}{v1p3}{ClientID},
jti => $private_key->{kid}
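
Review bot: Missing fallback on the changed `aud` line: sites that already have a working configuration only define `AccessTokenURL`, so after this change `$ce->{LTI}{v1p3}{AccessTokenAUD}` is undefined or empty for them and grade passback will start failing at the token request until they edit their config. Consider `aud => $ce->{LTI}{v1p3}{AccessTokenAUD} || $ce->{LTI}{v1p3}{AccessTokenURL},` to keep the previous behaviour when the new setting is unset, or check for an empty value before `encode_jwt` and log a clear configuration error. Separately, the context line `jti => $private_key->{kid}` uses the key id as the token id, so every assertion signed with that key carries the same `jti`; a per-request unique value would fit the purpose of that claim better, though that is outside this change.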
