Comments (4)
Actually, after looking through the LTI 1.1 standard and the source of this library, it looks like the only fields necessary to send an outcome are the oauth_consumer_key
, lis_outcome_service_url
, and lis_result_sourcedid
. And the secret, of course, but that's not part of an LTI request.
This library exposes the constructor of the OutcomeService
, so you can do this:
const lti = require('ims-lti')
// Load the correct session object, which should contain at
// least those three required fields
const session = loadLtiSession(/* id? */)
// The "consumers" object is structured where the key is a
// consumer key and the value is the secret
const consumers = loadLtiConsumers()
const outcome = new lti.OutcomeService({
consumer_key: session.oauth_consumer_key,
// We can assume the secret exists because the request should have already been validated
consumer_secret: consumers[session.oauth_consumer_key],
service_url: session.lis_outcome_service_url,
source_did: session.lis_result_sourcedid
})
outcome.send_replace_result(1.0, (error, result) => { /* handle result or error */ })
That means you can 'persist' a request by simply storing the oauth_consumer_key
, lis_outcome_service_url
, and lis_result_sourcedid
. When it's time to send the outcome, retrieve these and directly construct an OutcomeService
.
from ims-lti.
We've simply stored the launch request in session and used it to recreate the provider on subsequent requests.
If you decide to go this route, you will need to handle the circular references in the req. A library like https://github.com/isaacs/json-stringify-safe will do this for you.
Note:
This has been working great for non SSL requests, but the provider.valid_request
method is failing with an "Invalid signature" error when we recreate the provider in this way. This is after a successful SSL launch (We initially had the same error on launch, but followed suggestions in #4 to debug it).
from ims-lti.
Update regarding SSL note above: The second validation succeeds after using the hmac-sha1 code found in #43.
from ims-lti.
Any updates on this?
Currently we're just sticking the req.body
into our database, then when a score needs to be sent, retrieving it and creating a provider using Provider#parse_request
. That doesn't seem to be an officially documented function, so I have to imagine there's a better way to do it.
from ims-lti.
Related Issues (20)
- Consumer javascript implementation for comment
- What type of request objects are expected? HOT 2
- Doesn't work when launching to https HOT 4
- broken links on README.md
- HTTPS launches always result in an invalid signature. HOT 1
- Sending content urls back to consumer beyound express or from the client
- Is verifying the nonce necessary when the request is done over ssl?
- Any chance of a point release for ContentItemSelectionRequest validation? HOT 4
- Support x-forwarded-host header HOT 1
- Does it work with Canvas authentication? HOT 1
- Error class gotcha
- redis-nonce-store should catch redis errors
- How to specify ext_content in LTI request? HOT 1
- node-uuid deprecation warning
- lodash-node deprecation warning
- Additional Maintainers? HOT 2
- Invalid LTI consumer response may result in empty error HOT 3
- Reading a student grade when she has none yet results in an error.
- LTI 1.0 signing not up to specs for hmac-sha1 HOT 23
- TypeError: Cannot read properties of undefined (reading 'host')
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ims-lti.