why:
- To allow tools at this placement to specify an additional bit of
description other than just title.
- Additionally, we've removed support for the
submission_type_selection_launch_points configuration option.
It was determined this is no longer required.
flag=none
fixes INTEROP-8478
test-plan:
- Note: This is very similar to the plan in d78cbba.
- Install the LTI 1.3 test tool (or any other tool) in the
submission_type_selection placement.
- Modify the configuration for the submission_type_selection placement
so that it now includes a description property. You can do this by
editing the JSON on the dev keys page or through the Rails console
with something like:
```ruby
tc = DeveloperKey.find(123456).tool_configuration
tc.settings["extensions"].first["settings"]["placements"].find {|p|
p.placement == "submission_type_selection}["description"] = "foobarbaz"
tc.save!
```
- It should save without causing issues.
- Go to the new Assignment page, open the web console, then type
`ENV.SUBMISSION_TYPE_SELECTION_TOOLS` and look for the tool you
modified. A description property should now be present with the
description you just put in.
Change-Id: I0a032eec4202c725dea6dcea7450101c6db124b6
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/341194
Reviewed-by: Evan Battaglia <ebattaglia@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Alexis Nast <alexis.nast@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
rationale:
- To allow internal and partner tools to specify multiple launches that
can occur in the submission_type_selection placement.
- This is only the backend work. The frontend work will take place
in a later commit.
- This only works for 1.3 tools. 1.1 tools, such as Mastery Connect,
replicate this behavior by installing multiple versions of the tool so
that multiple versions get listed.
closes INTEROP-8399
flag=none
test-plan:
- Install the 1.3 test tool with the submission_type_selection
placement.
- Modify the Lti::ToolConfiguration associated with that developer key
by navigating to the Developer Key associated with the tool and
manually modifying the JSON. Search for the
`submission_type_selection` placement entry object and add a new
`submission_type_selection_launch_points` property
so that it looks something like this:
```
{
"text": "LTI 1.3 Test Tool",
"enabled": true,
"icon_url": "https://static.thenounproject.com/png/131630-200.png",
"placement": "submission_type_selection",
"message_type": "LtiDeepLinkingRequest",
"target_link_uri": "http://lti13testtool.docker/launch?placement=submission_type_selection",
"canvas_icon_class": "icon-lti"
"submission_type_selection_launch_points" => [
{
"target_link_uri": "http://lti13testtool.docker/launch?placement=submission_type_selection",
"icon_url":
"https://static.thenounproject.com/png/131630-200.png",
"title": "First"
},
{
"target_link_uri": "http://lti13testtool.docker/launch?placement=submission_type_selection",
"icon_url":
"https://static.thenounproject.com/png/131630-200.png",
"title": "Second"
},
]
},
```
- Navigate to the assignment creation page and open up the developer
tools.
- In the console, type `ENV.SUBMISSION_TYPE_SELECTION_TOOLS`
- Assuming you only have the 1.3 tool installed, you should see just it
listed. You should see an additional property in the object, that
wasn't there before, titled:
"submission_type_selection_launch_points" that contains the
appropriate info.
Change-Id: I2a671f66e00f5c7dca99605710a93cf59b5ef360
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/338648
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Tucker Mcknight <tmcknight@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: Alexis Nast <alexis.nast@instructure.com>
This isn't doing anything anyway, since additional properties are
allowed and we check that all values are strings in the model
validation.
flag=none
refs INTEROP-8257
Test plan:
- n/a
Change-Id: If28fd2a4366b14f0b1c26390b39c348df93699b4
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/329807
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Evan Battaglia <ebattaglia@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
closes INTEROP-8247
flag=none
Why:
- So tools can launch from the right region from the start, e.g. for
data residency reasons
Test plan:
* modify `development` in config/database.yml to add e.g.,
`region: us-west-2`, where `us-west-2` is some region.
added in the tool configuration. Restart canvas.
* In the UI, create / edit an LTI 1.3 DeveloperKey to have an
"oidc_initiation_urls" property in the settings, with two regions,
including the one you put in config/database.yml. The easiest thing is
to just add a different query parameter for each so your tool will
still launch. e.g.:
"oidc_initiation_urls": {
"us-east-1": "https://mytool/login?region=useast1",
"us-west-2": "https://mytool/login?region=uswest2"
}
* open up dev tools. Launch tool in a couple different placements (e.g.,
assignment_selection and an assignment launch), and observe that the
region-specific URL is launched.
- modify the region in config/database.yml so use a region not in
the config. launch the tool. it should use the default
oidc_initiation_url.
- Edit the developer and modify the initiation URL for the current
region to be not a string. It should fail to save. Not that we allow
additional properties, so if you add e.g.
`"somethingmadeup": "http://someurl.com"`, it won't complain. (I'm
open to changing that, but we don't currently do it for any field in
the schema)
- Try changing oidc_initiation_urls to something other than an object.
Saving should fail.
- Build the documentation with `dexec rake doc:api` and visit the
documentation at `/doc/api/file.lti_dev_key_config.html`. Check that
the added JSON in the example is correct, the copy under
`oidc_initiation_urls` makes sense, and that the link to it under
from the `environments` param info work.
Change-Id: Ie370b677700853beac283739457f9541aa6b36a1
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/329301
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Alexis Nast <alexis.nast@instructure.com>
refs INTEROP-7952
flags=none
why
This commit adds a table and matching ActiveRecord model to facilitate
Lti Registrations. This will be further used in building support for
Dynamic Registration.
test plan:
Make sure the migrations run, and the `lti_ims_registrations` table is
created.
Change-Id: I1d3f6b46d08de7dd68254553191de65fdf72138e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/313519
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Migration-Review: Jacob Burroughs <jburroughs@instructure.com>
Product-Review: Paul Gray <paul.gray@instructure.com>
why:
* to be consistent in allowing deep linking content to be added from the
3-dot menu at the top of the modules page and for each module
closes INTEROP-7294
flag=lti_multiple_assignment_deep_linking,lti_deep_linking_line_items
test plan:
* install a 1.3 test tool that has the module_menu_modal placement
configured, and with a message_type of LtiDeepLinkingRequest
* make sure these feature flags are enabled:
* lti_multiple_assignment_deep_linking
* lti_deep_linking_line_items
* lti_deep_linking_module_index_menu_modal
* from the modules page, click on the 3-dot menu in an existing module
* you should be able to launch the tool from there, which wasn't
possible before
* launch and return these content items. all scenarios should reload the
page and add things to the module:
* 1 content item: should add 1 item to the module
* many content items: should add all items to the module
* 1 content item with line item: should add 1 assignment to the module
* many content items with line items: should add all items to the
module as assignments
* many mixed content items (some with line items and some without):
should correctly add all items to the module as either lti links or
assignments
Change-Id: Id0c4d7933213b8a8acfab0a4c988807cddcedfa7
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/287770
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Tucker Mcknight <tmcknight@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: Alexis Nast <alexis.nast@instructure.com>
refs INTEROP-7075
flag=none
why:
* the existing module_index_menu lives behind a feature flag, and opens
in a tray, both of which are not ideal for a new standard placement that
will be used for adding module items and assignments via deep linking
* replicate course_assignments_menu, which opens a modal from
the assignments index, on the modules page
test plan:
* run webpack if needed
* install a new 1.3 tool with this placement, or add it to an existing
tool with a message type of `LtiResourceLinkRequest`
* from the modules page, click the 3 dots menu in the top right
of the page
* your tool should be an option there
* it should launch in a modal, and not be a deep linking request
Change-Id: I7f75b7397638e2554602cbf70b77bdf4ec7e512a
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/276155
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Mysti Lilla <mysti@instructure.com>
QA-Review: Alexandre Trindade <alexandre.trindade@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
We apparently we're restricting the values before
dbd8c466 fixed `"canvas_icon_class": { ... }` to
`"canvas_icon_class" => { ... }`
(Since that commit was ostensibly just a linting commit but changed
semantics, it might be worth revisiting other things in that commit.)
fixes INTEROP-7109
Test plan:
- Edit an LTI 1.3 dev key JSON in the Developer Keys UI
- Add "canvas_icon_class": "icon-pdf" to a placement in an LTI 1.3 dev key
- Make sure the dev key saves
- Observe that the dev key cannot be saved before this commit
Change-Id: Ibb22a8d5d9ebdb9b7afb99adf9ab2893be863165
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/276645
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
refs FOO-2410
test plan:
- in dynamic_settings.yml, add the following block:
```
store:
canvas:
services-jwt:
# these are all the same JWK but with different kid
# to generate a new key, run the following in a Canvas console:
#
# key = OpenSSL::PKey::RSA.generate(2048)
# key.public_key.to_jwk(kid: Time.now.utc.iso8601).to_json
jwk-past.json: "{\"kty\":\"RSA\",\"e\":\"AQAB\",\"n\":\"uX1MpfEMQCBUMcj0sBYI-iFaG5Nodp3C6OlN8uY60fa5zSBd83-iIL3n_qzZ8VCluuTLfB7rrV_tiX727XIEqQ\",\"kid\":\"2018-05-18T22:33:20Z_a\",\"d\":\"pYwR64x-LYFtA13iHIIeEvfPTws50ZutyGfpHN-kIZz3k-xVpun2Hgu0hVKZMxcZJ9DkG8UZPqD-zTDbCmCyLQ\",\"p\":\"6OQ2bi_oY5fE9KfQOcxkmNhxDnIKObKb6TVYqOOz2JM\",\"q\":\"y-UBef95njOrqMAxJH1QPds3ltYWr8QgGgccmcATH1M\",\"dp\":\"Ol_xkL7rZgNFt_lURRiJYpJmDDPjgkDVuafIeFTS4Ic\",\"dq\":\"RtzDY5wXr5TzrwWEztLCpYzfyAuF_PZj1cfs976apsM\",\"qi\":\"XA5wnwIrwe5MwXpaBijZsGhKJoypZProt47aVCtWtPE\"}"
jwk-present.json: "{\"kty\":\"RSA\",\"e\":\"AQAB\",\"n\":\"uX1MpfEMQCBUMcj0sBYI-iFaG5Nodp3C6OlN8uY60fa5zSBd83-iIL3n_qzZ8VCluuTLfB7rrV_tiX727XIEqQ\",\"kid\":\"2018-06-18T22:33:20Z_b\",\"d\":\"pYwR64x-LYFtA13iHIIeEvfPTws50ZutyGfpHN-kIZz3k-xVpun2Hgu0hVKZMxcZJ9DkG8UZPqD-zTDbCmCyLQ\",\"p\":\"6OQ2bi_oY5fE9KfQOcxkmNhxDnIKObKb6TVYqOOz2JM\",\"q\":\"y-UBef95njOrqMAxJH1QPds3ltYWr8QgGgccmcATH1M\",\"dp\":\"Ol_xkL7rZgNFt_lURRiJYpJmDDPjgkDVuafIeFTS4Ic\",\"dq\":\"RtzDY5wXr5TzrwWEztLCpYzfyAuF_PZj1cfs976apsM\",\"qi\":\"XA5wnwIrwe5MwXpaBijZsGhKJoypZProt47aVCtWtPE\"}"
jwk-future.json: "{\"kty\":\"RSA\",\"e\":\"AQAB\",\"n\":\"uX1MpfEMQCBUMcj0sBYI-iFaG5Nodp3C6OlN8uY60fa5zSBd83-iIL3n_qzZ8VCluuTLfB7rrV_tiX727XIEqQ\",\"kid\":\"2018-07-18T22:33:20Z_c\",\"d\":\"pYwR64x-LYFtA13iHIIeEvfPTws50ZutyGfpHN-kIZz3k-xVpun2Hgu0hVKZMxcZJ9DkG8UZPqD-zTDbCmCyLQ\",\"p\":\"6OQ2bi_oY5fE9KfQOcxkmNhxDnIKObKb6TVYqOOz2JM\",\"q\":\"y-UBef95njOrqMAxJH1QPds3ltYWr8QgGgccmcATH1M\",\"dp\":\"Ol_xkL7rZgNFt_lURRiJYpJmDDPjgkDVuafIeFTS4Ic\",\"dq\":\"RtzDY5wXr5TzrwWEztLCpYzfyAuF_PZj1cfs976apsM\",\"qi\":\"XA5wnwIrwe5MwXpaBijZsGhKJoypZProt47aVCtWtPE\"}"
```
- Ensure /internal/services/jwks loads correctly
- In console, ensure `CanvasSecurity::ServicesJwt.decrypt(Base64.decode64(CanvasSecurity::ServicesJwt.for_user('localhost', User.first)))`
and `CanvasSecurity::ServicesJwt.decrypt(Base64.decode64(CanvasSecurity::ServicesJwt.for_user('localhost', User.first, symmetric: true)))`
both work and produce sensible looking output
Change-Id: I13c6c35cc92ed12d03bf97e89e590614e11c6d47
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/275160
QA-Review: August Thornton <august@instructure.com>
Product-Review: August Thornton <august@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Reviewed-by: Evan Battaglia <ebattaglia@instructure.com>
refs SAS-1540
* adds an audience setting to developer keys, so a key can be set to
target external audiences with its credentials grants
* when a key with an external audience grants credentials, the token is
signed with an asymmetric key instead of the internal symmetric key
* external audiences can retrieve the corresponding public keys from
/login/oauth2/jwks
* credentials issued by developer keys with an account id include the
account's guid in a custom claim
includes a refactor of key storage and rotation in consul, which had
already been done for LTI. but it wasn't really a feature of lti, just
something used by LTI, and we needed the same for key management for
this. moved it to be part of Canvas::Security
Change-Id: Ie5c0fcee6fc21687f31c109389a3bcc1ed349c5d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/243606
QA-Review: Jonathan Featherstone <jfeatherstone@instructure.com>
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
test plan:
* enable the "Submission Type LTI Placement" feature
* add an external tool to a course or account with a
"submission_type_selection" placement configured
* should be able to create or edit an assignment and
select the tool directly from the submission type
drop down
* when selected, it should show a button
(that currently does nothing but will be used to
launch the tool for additional configuration)
* should be able to save the assignment with
the tool selected, and it should stay selected
when the saved assignment is edited again
flag=submission_type_tool_placement
closes #LA-725
Change-Id: Ic0dd44f91b61f3300c55db7e7b30d9180c7a14e2
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/237534
Reviewed-by: Clint Furse <cfurse@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Clint Furse <cfurse@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
closes CAL-6
flag=conference_selection_lti_placement
Test plan:
- Add LTI developer key at /accounts/self/developer_keys
- verify that conference_selection is not included in the
list of placement options
- turn on feature flag "Allow Conference Selection LTI placement"
at /accounts/site_admin/settings
- add LTI developer key again
- verify that conference_selection is included in
the placement options and tool can be saved/reloaded
Change-Id: Ie6016514a29e9362562aab1a7a33f0c3d808ed6a
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/232853
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Steve Shepherd <sshepherd@instructure.com>
Product-Review: Michael Brewer-Davis <mbd@instructure.com>
Closes PLAT-4952
Test Plan:
- Install an LTI 1.3 tool that uses the new
scope and service endpoint
- Make a request to the new endpoint specifying
a feature flag that exists. Verify the
feature flag is returned in the response
with accurate data.
- Make a request to the new endpoint specifying
a feature flag that does not exist. Verify
the service responds with a 404
- Verify the new endpoint adheres to LTI
Advange authentication/authorization (
requres JWT access token, requres active
developer key, etc.)
Change-Id: Ifb876b541c237a3c9ca45270bafea5693d6a03eb
Reviewed-on: https://gerrit.instructure.com/211196
Tested-by: Jenkins
Reviewed-by: Clint Furse <cfurse@instructure.com>
QA-Review: Clint Furse <cfurse@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
closes PLAT-4858
test plan:
- create an LTI dev key with a public_jwk_url instead of a public_jwk
- the url doesn't need to be anything special but
`https://canvas.instructure.com/api/lti/security/jwks`
is always a safe bet
- edit the LTI dev key and click save
- the save should return 200 and not show any errors
Change-Id: I85a732fb6b7e9a1f32a3156621ab9899f2bf68b9
Reviewed-on: https://gerrit.instructure.com/209913
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Xander Moffatt <xmoffatt@instructure.com>
Refs Closes PLAT-4766
Test Plan:
Make sure you can save a tool configuraiton that uses the new
list_event_types scope
Change-Id: Ib0e9ce88e03a5cce71aae2a418557f67492234d7
Reviewed-on: https://gerrit.instructure.com/208079
Tested-by: Jenkins
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Clint Furse <cfurse@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
closes PLAT-4744
Test Plan:
- see that the index action returns a list
Change-Id: I92cc07c5476c7dd48202f38b62e09df6aa591b62
Reviewed-on: https://gerrit.instructure.com/206435
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
closes PLAT-4761
Test Plan:
- see that a call to this endpoint will show a sub
Change-Id: Ifc299aebe5cfbadaf82a1970f75ad182ffa31b29
Reviewed-on: https://gerrit.instructure.com/206489
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
refs PLAT-4493
Test Plan:
-create a developer key and validate the public jwk url field
is present
-save developer key
-edit developer key and validate public jwk url field is present
-save edit and validate edits were saved to developer key
Change-Id: I9019d116ad9995931757439f4c3d63b3d67a3a5f
Reviewed-on: https://gerrit.instructure.com/197713
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Jesse Poulos <jpoulos@instructure.com>
fixes PLAT-4492
Test Plan
-Create test tool
-Use tool to create developer key in canvas
-Change tool credential oauth_client_id to match
client id from developer key
-Go to http://lti13testtool.docker/developer_key/update_public_jwk/21
-Verify that public JWK was changed:
Change-Id: Ic09a665d4ab14d3423b7e4b2a3a51296c0617981
Reviewed-on: https://gerrit.instructure.com/194447
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Jesse Poulos <jpoulos@instructure.com>
Also fixed a few formatting issues and loosened the
requirements on domain and tool_id.
closes PLAT-4248
Test Plan:
Go through the lti manual creation flow, should work
Attempt to break it, shouldn't work
Change-Id: I8ceb05951d2596fd37e976dd114cc3da3a3d7499
Reviewed-on: https://gerrit.instructure.com/190194
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Jesse Poulos <jpoulos@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
This belongs in the settings hash.
refs PLAT-4248
Test Plan:
n/a
Change-Id: I89ca516d9e00e8fe8048e8d419893b16efc0b76d
Reviewed-on: https://gerrit.instructure.com/187200
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
For manual creation of keys, add the fields
that will be required or needed to create a
new Tool Configuration Manually.
refs PLAT-4248
Test Plan:
- Go to create a new LTI key, note that the manual
option now has fields attached
Change-Id: I34afe82ba903cc149a0ba74b245cec0375b029e4
Reviewed-on: https://gerrit.instructure.com/186829
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
Some fields should not be required, fix typo
in Deeplinkingrequest.
fixes PLAT-4284
Test Plan:
- n/a
Change-Id: I36c3c84a143d8aaff7ddb9de7c33847640a6845a
Reviewed-on: https://gerrit.instructure.com/184627
Tested-by: Jenkins
Product-Review: Marc Phillips <mphillips@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Validate that a tool config matches the schema for
a tool.
closes PLAT-4258
Test Plan:
- Attempt to create an lti tool with an old config, should
fail with schema errors
- Create an lti tool with a new tool config, should succeed
- Create a tool from the config, should work
- Test that the launches still work for launch basic and
Deeplinking
Change-Id: Iaeea45f14dd10f464ab06f4bd1bb24696e91b38f
Reviewed-on: https://gerrit.instructure.com/184182
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
Change-Id: Ifcc3316b96f4b2ae3da109c9e7e80afdd57cdada
Reviewed-on: https://gerrit.instructure.com/166599
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Tested-by: Jenkins
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
Closes PLAT-3739
Test Plan:
- Use the tool configuration create/update endpoint to create a new
tool configuration. The JSON provided to the settings should
include (in its root) a 'public_jwk' object. This object must
take the following form:
{
"kty":"RSA",
"e":"AQAB",
"n":"2YGluUtCi62Ww_TWB38OE6wTaN..."
"kid":"2018-09-18T21:55:18Z",
"alg":"RS256",
"use":"sig"
}
- Verify a tool configuration is created
- Verify the tool configuration's developer key's public_jwk
column is now set to the JWK from the previous step
- Verify all claims in the JWK above are required
- Verify the 'kty' claim must be 'RSA' when using the
endpoint
- Verify the 'alg' claim must be 'RS256' when using the
endpoint
- Verify all above verifications work when the settings JSON
is provided directly OR provided indirectly by URL
- Verify all above verifications work when creating a new tool
configuration OR editing an existing one
Change-Id: Iae8e9b89266611234b8ab2e47c4912b7fb1d9f2a
Reviewed-on: https://gerrit.instructure.com/165203
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
Tested-by: Jenkins
Product-Review: Weston Dransfield <wdransfield@instructure.com>
Ryan Hawkins
