LTI Tool Support

Engine provides LTI tool support (export of courses as LTI links that can be imported and launched by an LTI platform) for versions 1.1 and 1.3 of LTI via Dispatch.

LTI v1.3

Configuration

The following configuration setting is required for LTI 1.3 tool support:

  • LtiBaseUrl - A fully-qualified URL to the '/api' path under the Engine application. This value is used for determining absolute URLs for endpoints LTI 1.3 platforms need to access. The following configuration setting is optional for Assignment and Grades support.
  • LtiJsonWebTokenExpiry - This setting determines when the JSON Web Token that that will be sent to the configured platform to request an OAuth 2.0 access token should expire.

Destination

For LTI 1.3, a destination must have additional information about the LTI 1.3 platform in order to support LTI 1.3 launch. A valid LTI 1.3 destination may be created with a POST request to /api/v2/dispatch/destinations with the following body:

{
  "destinations":
  [
    {
      "id": "string",
      "data": {
        "name": "string",
        "lti13Data": {
          "clientId": "string",
          "platformIssuerIdentifier": "string",
          "deploymentId": "string",
          "jsonWebKeySetUrl" : "string",
          "oidcAuthorizationEndpoint": "string",
          "accessTokenUrl" : "string "
        }
      }
    }
  ]
}

You may be required to configure the tool in your platform before you are able to get the details needed here for the lti13Data property. Because of this, the platform configuration information is optional when creating the destination, and may be supplied after the destination has been created with a PUT request to /api/v2/dispatch/destinations/{destinationId} with the following body:

{
  "lti13Data": {
    "clientId": "string",
    "platformIssuerIdentifier": "string",
    "deploymentId": "string",
    "jsonWebKeySetUrl" : "string",
    "oidcAuthorizationEndpoint": "string",
    "accessTokenUrl" : "string "
  }
}

All of the fields in lti13Data (except accessTokenUrl) must be configured before launch:

  • clientId - The OAuth 2.0 Client Id to associate with the destination. This value should be in the aud claim in the JSON Web Token that will get sent to the destination during launch.
  • platformIssuerIdentifier - An identifier to associate the platform with. This value should be in the iss claim in the JSON Web Token that will get sent to the destination during launch.
  • deploymentId - An unchanging identifier for the platform-tool integration. The required https://purl.imsglobal.org/spec/lti/claim/deployment_id claim in the JSON Web Token sent to the destination during launch should have this value.
  • oidcAuthorizationEndpoint - Platform endpoint where the OIDC Authorization Request should be sent.
  • jsonWebKeySetUrl - A link to the platform's JSON Web Key Set.
  • accessTokenUrl - Endpoint the tool should use to retrieve OAuth 2.0 tokens for accessing the platform's Assignment and Grades service. This parameter is optional - if it is omitted no grades will be recorded for launches associated with this destination.

Once the destination has been created, additional information about the tool can be retrieved by a GET request to /api/v2/dispatch/destinations/{destinationId}/lti13. This information should be shared with the platform.

{
    "publicKey": "string",
    "oidcLoginInitiationsUrl": "string",
    "redirectUri": "string",
    "jsonWebKeySetUrl": "string"
}
  • publicKey - The tool's public key
  • oidcLoginInitiationsUrl - Endpoint the platform should redirect to to initiate the OIDC Authorization flow.
  • redirectUri - Endpoint the platform should send the OIDC Authorization Response to.
  • jsonWebKeySetUrl - Path to the tool's JSON Web Key Set located at /api/v2/dispatch/destinations/{destinationId}/jwks, if the platform would like to retrieve the tool's public key in that way instead of via the publicKey key.

Dispatch

The final piece of information that the platform will need is the target_link_uri that will be executed at the end of the OIDC flow. This can be retrieved with a GET request to /api/v2/dispatch/dispatches/{dispatchId}/lti13, assuming the corresponding destination has been configured to support LTI 1.3. In that case, this endpoint will return the target_link_uri value that should be passed in the OIDC login initiation request and in the OIDC Authorization Response.

{
  "targetLinkUri": "string"
}

Assignment and Grades Services

Scores for LTI 1.3 dispatch launches can be sent to the configured platform via Assignment and Grades Services. For the Assignment and Grades service to be used, an accessTokenUrl must be specified in the destination configuration and a https://purl.imsglobal.org/spec/lti-ags/claim/endpoint claim must be passed in the LtiResourceLinkRequest received at launch time. At a minimum, the access token returned by the platform must provide access to the https://purl.imsglobal.org/spec/lti-ags/scope/score scope.

Access Token

The tool will send a signed JSON Web Token to the platform to request an OAuth 2.0 access token. The clientId specified in the destination configuration should match the value the platform expects to see in the iss and sub claims and the platformIssuer specified in the destination configuration should match the value the platform expects to see in the aud claim.

Line Items

Each LTI 1.3 dispatch will have one score associated with it, so it is recommended that the platform pass only a single line item to the tool during launch, by specifying a lineitem property on the Assignment and Grades Services claim. If no lineitem property is provided, then the tool will attempt to create a line item and send the score for the created line item. If the access token granted to the tool does not provide permission to create line items, then the tool will query for all line items associated with the corresponding resource_link_id and send the given score to each of the line items.

Grading

Dispatch records a grade for the launch on a scale from 0-1.

Key Rotation

The LTI 1.3 tool provides a mechanism to rotate the RSA 256 key pairs associated with the tool. Rotation is done by making a POST request to /api/v2/dispatch/destinations/{destinationId}/rotateKeys with the following body:

{
  "expiry": "string"
}

expiry must be a valid UTC date-time If the expiry time has not passed, a request to the /api/v2/dispatch/destinations/{destinationId}/jwks endpoint will return both the newly generated key and the previous key (for a maximum of two total keys at any given time). Once expiry passes, the endpoint will return a single key until another rotateKeys request with a non-expired expiry is made.

LTI v1.1

For LTI 1.1, assuming a destination and dispatch have already been created, the information necessary to import a course into an LTI 1.1 platform can be retrieved by making a GET request to /api/v2/dispatch/dispatches/{dispatchId}/lti. This will return all of the information necessary for LTI 1.1 launch:

{
  "url": "string",
  "consumerKey": "string",
  "sharedSecret": "string"
}

results matching ""

    No results matching ""