LTI Tool Support
Engine provides LTI tool support (export of courses as LTI links that can be imported and launched by an LTI platform) for versions 1.1 and 1.3 of LTI via Dispatch.
LTI v1.3
Configuration
The following configuration setting is required for LTI 1.3 tool support:
- LtiBaseUrl - A fully-qualified URL to the '/api' path under the Engine application. This value is used for determining absolute URLs for endpoints LTI 1.3 platforms need to access. The following configuration setting is optional for Assignment and Grades support.
- LtiJsonWebTokenExpiry - This setting determines when the JSON Web Token that that will be sent to the configured platform to request an OAuth 2.0 access token should expire.
Destination
For LTI 1.3, a destination must have additional information about the LTI 1.3 platform in order to support LTI 1.3 launch. A valid LTI 1.3 destination may be created with a POST
request to /api/v2/dispatch/destinations
with the following body:
{
"destinations":
[
{
"id": "string",
"data": {
"name": "string",
"lti13Data": {
"clientId": "string",
"platformIssuerIdentifier": "string",
"deploymentId": "string",
"jsonWebKeySetUrl" : "string",
"oidcAuthorizationEndpoint": "string",
"accessTokenUrl" : "string "
}
}
}
]
}
You may be required to configure the tool in your platform before you are able to get the details needed here for the lti13Data
property. Because of this, the platform configuration information is optional when creating the destination, and may be supplied after the destination has been created with a PUT
request to
/api/v2/dispatch/destinations/{destinationId}
with the following body:
{
"lti13Data": {
"clientId": "string",
"platformIssuerIdentifier": "string",
"deploymentId": "string",
"jsonWebKeySetUrl" : "string",
"oidcAuthorizationEndpoint": "string",
"accessTokenUrl" : "string "
}
}
All of the fields in lti13Data
(except accessTokenUrl
) must be configured before launch:
clientId
- The OAuth 2.0 Client Id to associate with the destination. This value should be in theaud
claim in the JSON Web Token that will get sent to the destination during launch.platformIssuerIdentifier
- An identifier to associate the platform with. This value should be in theiss
claim in the JSON Web Token that will get sent to the destination during launch.deploymentId
- An unchanging identifier for the platform-tool integration. The requiredhttps://purl.imsglobal.org/spec/lti/claim/deployment_id
claim in the JSON Web Token sent to the destination during launch should have this value.oidcAuthorizationEndpoint
- Platform endpoint where the OIDC Authorization Request should be sent.jsonWebKeySetUrl
- A link to the platform's JSON Web Key Set.accessTokenUrl
- Endpoint the tool should use to retrieve OAuth 2.0 tokens for accessing the platform's Assignment and Grades service. This parameter is optional - if it is omitted no grades will be recorded for launches associated with this destination.
Once the destination
has been created, additional information about the tool can be retrieved by a GET
request to /api/v2/dispatch/destinations/{destinationId}/lti13
. This information should be shared with the platform.
{
"publicKey": "string",
"oidcLoginInitiationsUrl": "string",
"redirectUri": "string",
"jsonWebKeySetUrl": "string"
}
publicKey
- The tool's public keyoidcLoginInitiationsUrl
- Endpoint the platform should redirect to to initiate the OIDC Authorization flow.redirectUri
- Endpoint the platform should send the OIDC Authorization Response to.jsonWebKeySetUrl
- Path to the tool's JSON Web Key Set located at/api/v2/dispatch/destinations/{destinationId}/jwks
, if the platform would like to retrieve the tool's public key in that way instead of via thepublicKey
key.
Dispatch
The final piece of information that the platform will need is the target_link_uri
that will be executed at the end of the OIDC flow. This can be retrieved with a GET
request to /api/v2/dispatch/dispatches/{dispatchId}/lti13
, assuming the corresponding destination has been configured to support LTI 1.3. In that case, this endpoint will return the target_link_uri
value that should be passed in the OIDC login initiation request and in the OIDC Authorization Response.
{
"targetLinkUri": "string"
}
Assignment and Grades Services
Scores for LTI 1.3 dispatch launches can be sent to the configured platform via Assignment and Grades Services. For the Assignment and Grades service to be used, an accessTokenUrl
must be specified in the destination configuration and a https://purl.imsglobal.org/spec/lti-ags/claim/endpoint
claim must be passed in the LtiResourceLinkRequest
received at launch time. At a minimum, the access token returned by the platform must provide access to the https://purl.imsglobal.org/spec/lti-ags/scope/score
scope.
Access Token
The tool will send a signed JSON Web Token to the platform to request an OAuth 2.0 access token. The clientId
specified in the destination configuration should match the value the platform expects to see in the iss
and sub
claims and the platformIssuer
specified in the destination configuration should match the value the platform expects to see in the aud
claim.
Line Items
Each LTI 1.3 dispatch will have one score associated with it, so it is recommended that the platform pass only a single line item to the tool during launch, by specifying a lineitem
property on the Assignment and Grades Services claim. If no lineitem
property is provided, then the tool will attempt to create a line item and send the score for the created line item. If the access token granted to the tool does not provide permission to create line items, then the tool will query for all line items associated with the corresponding resource_link_id
and send the given score to each of the line items.
Grading
Dispatch records a grade for the launch on a scale from 0-1.
Key Rotation
The LTI 1.3 tool provides a mechanism to rotate the RSA 256 key pairs associated with the tool. Rotation is done by making a POST
request to /api/v2/dispatch/destinations/{destinationId}/rotateKeys
with the following body:
{
"expiry": "string"
}
expiry
must be a valid UTC date-time
If the expiry
time has not passed, a request to the /api/v2/dispatch/destinations/{destinationId}/jwks
endpoint will return both the newly generated key and the previous key (for a maximum of two total keys at any given time). Once expiry
passes, the endpoint will return a single key until another rotateKeys
request with a non-expired expiry
is made.
LTI v1.1
For LTI 1.1, assuming a destination and dispatch have already been created, the information necessary to import a course into an LTI 1.1 platform can be retrieved by making a GET
request to /api/v2/dispatch/dispatches/{dispatchId}/lti
. This will return all of the information necessary for LTI 1.1 launch:
{
"url": "string",
"consumerKey": "string",
"sharedSecret": "string"
}