- Output a smaller version of a LTI 1.3 launch payload for
each NRPS v2 member when the NRPS request includes a `rlid`
query parameter.
- Most claims and custom params from the launch payload are
excluded either because:
- They describe the context and would thus be redundant, or
- They pose performance problems (N+1 queries, usually), or
- They are absent from the spec example, e.g.
`https://purl.imsglobal.org/spec/lti/claim/version`, or
- They require additional development and thus need to be
handled as a separate task.
- See `memberships_provider.rb` ~line 68 for list of
custom params supported in this commit. (More coming later.)
- Vast majority of the patch has to do with tests against
`JwtMessage`, which was modified to allow claims to be turned
on/off via a new white/blacklist mechanism in `AppUtil`.
- Custom param white/blacklisting is handled directly in
`VariableExpander` to satisfy the LTI rule that unsupported
params should just be echoed as-is. This (instead of keeping
all the white/blacklist support in `JwtMessage` ensures
consistent behavior w/r/t `VariableExpander`'s more sophisticated
features, specifically its suport for expanding variables embedded
into larger strings.
Closes LTIA-40
Test Plan
- Configure a LTI 1.3/Advantage tool with the supported set of
custom params listed in `memberships_provider.rb` starting ~line 68.
If using the POST
`/api/lti/accounts/:account_id/developer_keys/tool_configuration`
API, this is done by setting
`tool_configuration.settings.custom_fields` to a JSON object where
keys are the param name to be rendered into LTI payloads and values
are the $-prefixed custom param names themselves. Include several
nonsense entries as well as unsupported entries e.g.:
```
// ... snip ...
"tool_configuration": {
"settings": {
// ... snip ...
"custom_fields": {
"person_name_full": "$Person.name.full",
"person_name_display": "$Person.name.display",
"person_name_family": "$Person.name.family",
"person_name_given": "$Person.name.given",
"canvas_user_isrootaccountadmin": "$Canvas.user.isRootAccountAdmin"
"unsupported_param_1": "$unsupported.param.1",
"unsupported_param_2": "$unsupported.param.2"
}
// ... snip ...
}
// ... snip ...
}
// ... snip ...
```
- Place this tool into a course, ensure the course has several active
members.
- Launch the tool in order to observe the course context's LTI
identifier. Use that identifier as the value of the NRPS `rlid`
parameter, e.g. a GET to:
`/api/lti/courses/1/names_and_roles?rlid=4dde05e8ca1973bcca9bffc13e1548820eee93a3`
- Each `members` array element in the response should have a
`message` array with a single element being the simplified
representation of a LTI 1.3 launch payload, were that user to launch
the context referenced by `rlid`.
- The `message` entry should have two top level claims:
- `"https://purl.imsglobal.org/spec/lti/claim/message_type": "LtiResourceLinkRequest"`
- `"https://purl.imsglobal.org/spec/lti/claim/custom": <object>`
- The `custom` claim should include an entry for each `custom_fields`
key/value pair configured above, with supported entries being
correctly expanded and nonsense and unsupported entries being echoed
as-is.
- Repeat for a group context in the same course (still using the
course's LTI ID as the `rlid` value). Results should be the same,
though scoped to group membership.
Change-Id: If2591c62c494756d65774e3115abeca19935c988
Reviewed-on: https://gerrit.instructure.com/169090
Tested-by: Jenkins
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Bill Smith <bsmith@instructure.com>
This layout will give you access to the full screen
width, while still including the regular Canvas
navigation and breadcrumbs. This differs from
the full_width layout, which gives you the full
width of the screen, but removes the breadcrumbs
and Canvas sidebar.
Test Plan:
- Create an external tool through the API and
set the display_type to "full_width_in_context"
- Launch the tool and validate that the iframe has
access to the full screen width (minus the Canvas
navigation on the left)
refs SKUNK-76
Change-Id: Ie019ccc111d5688e5b7eaa4528386f350e7ab669
Reviewed-on: https://gerrit.instructure.com/166671
Tested-by: Jenkins
Reviewed-by: Mark Valentine <mvalentine@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
QA-Review: Marisa Jense <mjense@instructure.com>
refs PLAT-1571
test plan:
regression test api/and UI for create and update tools
specifically around custom parameters
create a tool using something complex like this:
Complex!@#$^*(){}[]KEY=Complex!@#$^*;(){}[]½Value
it should get stored and returned correctly, i.e.
name = Complex!@#$^*(){}[]KEY
value = Complex!@#$^*;(){}[]½Value
Change-Id: I4a44575bdec9b83925bbe21d78b5d06770b7768e
Reviewed-on: https://gerrit.instructure.com/81863
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
test plan:
* navigate to the /{context}s/:context_id/external_tools/:id endpoint
* where context is an account or course
* the app/tool should launch correctly
* provide a ?display=borderless query parameter
* the app/tool should launch correctly as a borderless launch
refs CNVS-20529
Change-Id: I0ed76a1952811c99a0452943339ffd2608b57027
Reviewed-on: https://gerrit.instructure.com/56177
Reviewed-by: Brad Humphrey <brad@instructure.com>
Tested-by: Jenkins
QA-Review: Derek Hansen <dhansen@instructure.com>
Product-Review: Mark Severson <markse@instructure.com>
Dan McCallum