lti-launch | Java framework for authenticating LTI launch requests

by kstateome Java Version: 1.4.6 License: LGPL-3.0

X-Ray Key Features Code Snippets Community Discussions(4)Vulnerabilities Install Support

kandi X-RAY | lti-launch Summary

lti-launch is a Java library. lti-launch has no vulnerabilities, it has build file available, it has a Weak Copyleft License and it has low support. However lti-launch has 3 bugs. You can download it from GitHub, Maven.

LTI Launch is a project designed to assist in the development of Java based LTI applications that work with the Canvas LMS. It provides functionality to authenticate the OAuth signature of an LTI launch request and handle the OAuth 2 user token exchange if needed for communicating with the Canvas API. After the launch request is verified, the user is forwarded to an initial view specified by the implementing application.

Support

Quality

Security

License

Reuse

Support

lti-launch has a low active ecosystem.

It has 11 star(s) with 12 fork(s). There are 23 watchers for this library.

It had no major release in the last 12 months.

There are 1 open issues and 0 have been closed. On average issues are closed in 898 days. There are 2 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of lti-launch is 1.4.6

Quality

lti-launch has 3 bugs (0 blocker, 0 critical, 3 major, 0 minor) and 93 code smells.

Security

lti-launch has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

lti-launch code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

lti-launch is licensed under the LGPL-3.0 License. This license is Weak Copyleft.

Weak Copyleft licenses have some restrictions, but you can use them in commercial projects.

Reuse

lti-launch releases are not available. You will need to build from source code and install.

Deployable package is available in Maven.

Build file is available. You can build the component from source.

Installation instructions are available. Examples and code snippets are not available.

It has 1449 lines of code, 124 functions and 27 files.

It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed lti-launch and discovered the below as its top functions. This is intended to give you an instant insight into lti-launch implemented functionality, and help decide if they suit your requirements.

Ensures that the api token is present and if so returns a new OauthToken
Gets the LTI session
Gets the id
Sets OAuth token
Launch an LTI session
Removes the protocol from the URL
Removes the domain from the URL
Ensure that the canvas is valid
Handles OAuth response
Get initial view path
Get the OAuth token state
Starts the LTI session
Sets the OAuth token request state
Returns the base URL of this application
Registers a consumer with the given consumer key
Sets the roles
Method to validate the OAuth token
Creates an LTI authentication for the user
Get the API access token

Get all kandi verified functions for this library.

lti-launch Key Features

No Key Features are available at this moment for lti-launch.

lti-launch Examples and Code Snippets

No Code Snippets are available at this moment for lti-launch.

Community Discussions

Trending Discussions on lti-launch

LinkedIn Learning LTI failed authentication

Can't click element by xpath inside iFrame - Selenium

Why can't I select this? - Selenium

Adding Spring Session JDBC to my Spring Boot project breaks authentication in an iframe

QUESTION

LinkedIn Learning LTI failed authentication

Asked 2021-Dec-23 at 01:51

I'm attempting to integrate LinkedIn Learning Single-Sign-On via an LTI connection, however I'm always faced with the response: LTI_FAILED_AUTHENTICATION.

LinkedIn Learning - LTI_FAILED_AUTHENTICATION

When I test it out on the Saltire test platform, it strangely works.

The parameters match what I am sending from the code below: Saltire LTI Success authentication

Have tried copying over the the values of oauth_nonce, timestamp and oauth_signature from Saltire to my page, and that worked also, which scores out the possibility of domain whitelisting requirement.

LinkedIn support have come back saying there seems to be something wrong with the generated signature, but I'm not sure what is wrong about it, since that is generated by the parameters passed.

Is there something incorrectly setup from my page which I am not seeing?

...

ANSWER

Answered 2021-Dec-23 at 01:51

I figured out the issue. By using the Saltire test tool, I was able to verify that my signature was generated correctly when using their testing URL: https://lti.tools/saltire/tp

You can play with an example here: https://learningcom.github.io/ltitest/index.html

So after looking at the LinkedIn URL, I discovered that the signature was getting generated with an unnecessary long URL which contained parameters.

Removed: ?application=learning&redirect=https://www.linkedin.com/learning/me

Therefore, I shortened the URL to:

var action = 'https://www.linkedin.com/checkpoint/enterprise/login/[accountID]';

No more errors!

Source https://stackoverflow.com/questions/70439066

QUESTION

Can't click element by xpath inside iFrame - Selenium

Asked 2020-Oct-06 at 01:10

I'm aware that I have to switch to an iframe when I want to click and element inside it. Heres what the start of the iFrame looks like:

...

ANSWER

Answered 2020-Oct-06 at 01:10

Try waiting and clicking on the element. Try not to use xpath.

Source https://stackoverflow.com/questions/64217236

QUESTION

Why can't I select this? - Selenium

Asked 2020-Sep-28 at 08:35

The following thing is embedded into a webpage. It is not part of the actual site:

What I've been trying to do is select the 'previous meetings' tab, using Selenium in Python.

These are the elements for both buttons (upcoming meetings and previous):

...

ANSWER

Answered 2020-Sep-28 at 08:25

Due to having an iframe just switch to it

Source https://stackoverflow.com/questions/64096271

QUESTION

Adding Spring Session JDBC to my Spring Boot project breaks authentication in an iframe

Asked 2020-Jun-25 at 09:07

I am currently building a Spring Boot web application (2.3.1, but the following issue also was observed with versions 2.1.7 and 2.1.5) that is secured with Spring Security. I mostly use default settings (e.g. embedded Tomcat, embedded H2 database, Spring Web-MVC). I do some custom authentication on a permissive POST mapping with the following code:

...

ANSWER

Answered 2020-Jun-25 at 09:07

In general, I would advise you against using your appication in an iframe.
This poses a security risk, which you can read more about in this answer.

Now to explain the behaviour you are seeing.
Spring Security uses a Session cookie to store the user's session.
Cookies are associated with domains, so if, for example, there is a cookie associated with the domain stackoverflow.com then that cookie will be included in any request to stackoverlow.com.

In order to control that behaviour, cookies also have an attribute called SameSite.
The SameSite attribute can have 3 values, None, Lax or Strict.
When the value is None, it behaves as described above (included in all requests).
When the value is Lax, then the cookie will only be included in top level navigation GET requests.

When including the Spring Session dependency, the Session cookie SameSite attribute is set to Lax by default.

Since rendering an application in an iframe is not a top level navigation, the Session cookie is not included in the request to the iframe, and the application has no way of knowing that a user is signed in.

You can explicitly set the SameSite attribute to None by using Spring Session.
Again, I would caution against this, since it can make your application vulnerable to CSRF and clickjacking attacks.
If, after consider the security implications, you deem it necessary to set the SameSite attribute to None, you can do so by including Spring Session in your dependencies and creating a custom CookieSerializer.

Source https://stackoverflow.com/questions/62563620

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install lti-launch

The LTI Launch project provides a number of interfaces that must be implemented in order for it to function in any given project, as well as a few beans that must be candidates for Spring Autowiring in the LTI application that wishes to use it. As an example you can look at a trivial LTI application which has the minimal setup for an LTI application launch. For a more complicated application you can also look at our attendance taking LTI application.
ConfigService This is a simple key/value lookup service for retrieving configuration items that the applicatin needs. It must provide values for the following keys: canvas_url - The first valid base canvas URL this instance can talk to (e.g. https://k-state.instructure.com) canvas_url_2 - The second base canvas URL this instance can talk to. For example if you have a vanity URL like https://canvas.k-state.edu. It can be blank if there is no second canvas URL. oauth_client_id - The OAuth Client ID for the application oauth_client_secret - The OAuth Client Secret for this application
LtiLaunchKeyService A service that is able to take an application launch key and return the associated shared secret.
OauthTokenService A service that can handle the persisting and retrieving of user OAuth refresh tokens

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: