Change-Id: I3d09440a090838edc8dd4557d98705926c2aaa09
Reviewed-on: https://gerrit.instructure.com/202620
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
Closes PLAT-4713
Test Plan:
Do an LTI 1.3 launch and verify the correct client_id is sent
in the initial login message from Canvas
Change-Id: I7cb82be8dbe7a356cf6ead8fa37a14bcea957148
Reviewed-on: https://gerrit.instructure.com/203073
Tested-by: Jenkins
Reviewed-by: Clint Furse <cfurse@instructure.com>
QA-Review: Clint Furse <cfurse@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
Closes PLAT-4658
Test Plan:
Do an LTI 1.3 launch and verify the canvas_region param is sent
in the login request. If your database server does not have a
region configured locally the value should be "not configured"
Change-Id: I2b4211504a3c8ed8420efc9d038e48f2896cefd8
Reviewed-on: https://gerrit.instructure.com/201176
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Clint Furse <cfurse@instructure.com>
Call the message validations on the lti messages
before we send the launch.
closes PLAT-4117
Test Plan:
- do a launch, it should still work
Change-Id: I34d20c328173158c76b11aacf7028f7eb152f87b
Reviewed-on: https://gerrit.instructure.com/185216
Tested-by: Jenkins
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
sqlite3 released a new version yesterday, but active record is pinned to
a previous version in a way that just errors. the version pins here can
be reverted once rails releases a compatibility update. see
https://github.com/rails/rails/pull/35154
Change-Id: If9edc76058d96a75b8731422407ecea2afb4ce29
Reviewed-on: https://gerrit.instructure.com/180583
Reviewed-by: James Butters <jbutters@instructure.com>
Tested-by: Jenkins
QA-Review: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
closes PLAT-4107
Test plan:
- Using the test tool, do a launch and see that
the target_link_uri is sent on the login and
the final launch as a claim
Change-Id: I32da1f86a5a0c47e3aee6d66aeac74439696276b
Reviewed-on: https://gerrit.instructure.com/177299
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
closes PLAT-4050
Test Plan:
- create a user, should work
- update a user, should work
- attempt to change the lti_id in the console, should fail
- attempt a 1.3 launch and note that id is changed to new id
- also note the lti11_legacy_user_id field is present
Change-Id: I2747d76b08714a66cd2862b81c4f50e5068021e8
Reviewed-on: https://gerrit.instructure.com/174693
Reviewed-by: Rob Orton <rob@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
Product-Review: Marc Phillips <mphillips@instructure.com>
Closes PLAT-4021
Test Plan:
- Install an LTI 1.3 tool that uses the editor_button
placement.
The tool's configuration should set the message
type of each of these placements to 'LtiDeepLinkingRequest'
- Launch the tool from the RCE and verify
* The 3rd party initiated OpenID auth flow occurs
* The ID token contains all standard LTI claims
(all claims a ResourceLinkRequest contains minus resource_link_id
related items)
* Custom variables are supported and expanded
* The deep linking settings claim is sent with all required
values
Change-Id: I56ac0f708fb0afe7ffe515803f3fdb6f63f50d5b
Reviewed-on: https://gerrit.instructure.com/173385
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Jesse Poulos <jpoulos@instructure.com>
git may not be installed
Change-Id: I69a3dfcd5dc9d743daca70bad15d994bc3ae5e0a
Reviewed-on: https://gerrit.instructure.com/173693
Reviewed-by: James Williams <jamesw@instructure.com>
Tested-by: Jenkins
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
- LTI 1.3 launches now include an AGS claim
(`https://purl.imsglobal.org/spec/lti-ags/claim/endpoint`)
if the current tool's `DeveloperKey` has been granted
any AGS scope.
- If the launched link is an `Assignment`, the AGS claim will
include a `lineitem` sub-claim set to the `Assignment`'s
LTI Advantage `LineItem` API URL
(`/api/lti/courses/:course_id/line_items/:line_item_id`).
- In any AGS-enabled launch from a `Course` or `Group`,
the AGS claim will include a `lineitems` sub-claim set to the
`Course`'s LTI Advantage `LineItem` collection API URL
(`/api/lti/courses/:course_id/line_items`.)
Closes LTIA-49
Test Plan:
1. Create an LTI 1.3 tool with at least one AGS scope granted to
its `DeveloperKey`. Those scopes are:
- `https://purl.imsglobal.org/spec/lti-ags/scope/lineitem`
- `https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly`
- `https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly`
- `https://purl.imsglobal.org/spec/lti-ags/scope/score`
2. Launch the tool from a course navigation link.
3. Verify that the
`https://purl.imsglobal.org/spec/lti-ags/claim/endpoint` claim is
present and:
3.1. Sets all the granted scopes into the `scope` sub-claim
3.2. Sets the `lineitems` sub-claim to
`/api/lti/courses/:course_id/line_items`
3.3. The `lineitem` sub-claim is not present.
4. Bind the tool to an `Assignment` and launch from that
`Assignment`.
5. Verify that the
`https://purl.imsglobal.org/spec/lti-ags/claim/endpoint` claim is
present and:
5.1. Sets all the granted scopes from step 1 into the `scope`
sub-claim
5.2. Sets the `lineitems` sub-claim to
`/api/lti/courses/:course_id/line_items`
5.3. Sets the `lineitem` sub-claim to
`/api/lti/courses/:course_id/line_items/:line_item_id`
To find :line_item_id for step 5.3 either use the console or database
query. E.g. in the console:
`Assignment.find(Assignment.maximum(:id)).line_items.find(&:assignment_line_item?).id`
6. Create another LTI 1.3 tool but do not grant any AGS scopes to its
`DeveloperKey`.
7. Launch the tool from a course navigation link.
8. Verify that the
`https://purl.imsglobal.org/spec/lti-ags/claim/endpoint` claim is
not present.
9. Bind the tool to an `Assignment` and launch from that
`Assignment`.
10. Verify that the
`https://purl.imsglobal.org/spec/lti-ags/claim/endpoint` claim is
not present.
Change-Id: I787d3e99c60993ed3d28ede08455617e601f3d30
Reviewed-on: https://gerrit.instructure.com/171345
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
Closes: PLAT-3987, PLAT-3988
Test Plan:
- Verify the following for assignment, course nav,
and user nav placements:
* The unsigned ID token body is stored as JSON in
redis using the same key scheme as sessionless
launches
* The ID token contains all resource link
request claims
* Custom parameters are expanded before the body
is cached
- Verify the message_hint is now a jwt that contains
the domain and the "verifier"
Change-Id: I468e8af6ededdb4f6ef3da4d1014dc702f570543
Reviewed-on: https://gerrit.instructure.com/171223
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
Closes PLAT-3950
Test Plan:
- Do the following for an LTI launch from an
LTI assignment, the course navigation, and the
user_settings placement.
* Verify correct LTI launch is stored in Redis
* Verify a login message is posted instead of
an LTI launch
* Verify the login message contains the following:
- iss -> The iss in the Canvas security config
- login_hint -> The session ID
- target_link_uri -> placeholder string for now
- lti_message_hint -> The redis key "verifier"
Change-Id: Iacd9e45b1883d062339d3ea03721f8c53cb815dd
Reviewed-on: https://gerrit.instructure.com/171036
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
- Per recent NRPS vs spec change, the `service_version` LTI 1.3
launch sub-claim is renamed to `service_versions` and its type
changed from a string to an array of strings. (The expressed
version itself is still the same, i.e. it just appears as
["2.0"] instead of an unwrapped "2.0".)
Closes LTIA-35 WIP
Test Plan:
- Verify LTI 1.3 launches to the IMS Reference Implementation include
a https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice
claim with a `"service_versions": ["2.0"]` sub-claim
Change-Id: I53801d633166a07c571e106cc60256729059fdcf
Reviewed-on: https://gerrit.instructure.com/167714
QA-Review: Samuel Barney <sbarney@instructure.com>
Tested-by: Jenkins
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
- Given a Tool with the `use_1_3` setting set to `true` and an
Account with the `lti_1_3` feature flag enabled, a resource link
launch JWT now includes a
`https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice`
claim. The `context_memberships_url` field within that claim
advertises the NRPS v2 URL from which the Context's memberships
can be retrieved.
- Only works for Course and Group Contexts (though launching
from a Group does not seem to be possible at this time).
Closes LTIA-12
Test Plan:
* Create a Course and create and accept several Enrollments in
it.
* Create a LTI 1.3-enabled Tool configured to connect to the
IMS LTI 1.3/Advantage reference implementation and ensure the
Tool is placed into the Course.
* Enable the LTI 1.3/Advantage feature for the Course's Account.
* Launch the Tool.
* Verify the presence of the
`https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice`
claim in the IMS RI's user interface, which should indicate
a successful launch.
* Verify enablement of the "Request Names and Roles" button in the
IMS RI user interface. Click it.
* Correct Course membership should be returned to the RI and
displayed in the on-screen panel.
* NB this may require configuring the RI Tool with an OAuth2
access token URL pointing to a Platform configured in the RI
Tool.
Change-Id: I9d6f97166aee88b5a1e4301a82e3c4604a555462
Reviewed-on: https://gerrit.instructure.com/166205
Tested-by: Jenkins
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
Closes PLAT-3629
Test Plan:
- Install an LTI 1 tool in a course
- Modify the tool via the Rails console:
`tool.settings['use_1_3'] = true; tool.save!`
- Add the tool to a module item
- Launch the tool and verify a JWT is sent as the 'id_token'
- Verify the JWT contains all required LTI 1.3 claims (minus
security claims).
- Verify all claim data is accurate
- Verify the JWT contains all extensions Canvas sends
from the same placement in LTI 1.1
- Verify custom variables are sent and expanded
- Create an External Tool assignment with the same tool
- View the assignment and verify a JWT is sent as the
'id_token'
- Verify the JWT contains all required LTI 1.3 claims (minus
the security claims).
- Verify the JWT contains all extensions Canvas sends in LTI 1
(ext_ LTI 1 params) as extension claims.
Note: For now the id_token is signed with a placeholder secret.
Change-Id: I7df3d150055bb30010bb509e4d40dde82a406631
Reviewed-on: https://gerrit.instructure.com/158907
Tested-by: Jenkins
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
refs PLAT-3500
Change-Id: I72c7166bd58053017fba0cca0c4be271de4a2b45
Reviewed-on: https://gerrit.instructure.com/157551
Tested-by: Jenkins
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>