Add LTI 1.3 auth variables and a warning for these LTI Configuration …

…Options.
openwebwork · Aug 1, 2024 · 0490840 · 0490840
1 parent a0fbab1
commit 0490840
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 4 deletions.
diff --git a/conf/authen_LTI.conf.dist b/conf/authen_LTI.conf.dist
@@ -169,7 +169,9 @@ $LTIMassUpdateInterval = 86400;    #in seconds
 # the tab will not be shown.  Note that the default values for the variables that will be shown
 # in the LTI tab are the values that are set above.  Further note that only the commented out
 # variables listed below may be added to the LTI config tab.  In addition, only the variables that
-# pertain to the active LTI version will be shown in the tab.
+# pertain to the active LTI version will be shown in the tab. Warning: Allowing users to modify
+# the BasicConsumerSecret for LTI 1.1 or the IDs, URLs, etc for LTI 1.3 can expose the values
+# of the variables and allow users to lock themselves out of logging in via an LMS.
 @LTIConfigVariables = (
 	#'LTI{v1p1}{LMS_name}',
 	#'LTI{v1p3}{LMS_name}',
@@ -181,6 +183,13 @@ $LTIMassUpdateInterval = 86400;    #in seconds
 	#'LTIMassUpdateInterval',
 	#'LMSManageUserData',
 	#'LTI{v1p1}{BasicConsumerSecret}',
+	#'LTI{v1p3}{PlatformID}',
+	#'LTI{v1p3}{ClientID}',
+	#'LTI{v1p3}{DeploymentID}',
+	#'LTI{v1p3}{PublicKeysetURL}',
+	#'LTI{v1p3}{AccessTokenURL}',
+	#'LTI{v1p3}{AccessTokenAUD}',
+	#'LTI{v1p3}{AuthReqURL}',
 	#'debug_lti_parameters',
 	#'lms_context_id'
 );

diff --git a/lib/WeBWorK/ConfigValues.pm b/lib/WeBWorK/ConfigValues.pm
@@ -923,13 +923,55 @@ sub getConfigValues ($ce) {
 		},
 		'LTI{v1p1}{BasicConsumerSecret}' => {
 			var  => 'LTI{v1p1}{BasicConsumerSecret}',
-			doc  => x('Set the shared secret used for the LMS'),
+			doc  => x('LMS shared secret for LTI 1.1 authentication'),
 			doc2 => x(
-				'This is a secret word that is used to validate information between WeBWorK and the LMS.'
-					. 'This secret word must match the word you configure in the LMS.'
+				'This secret word is used to validate logins from an LMS using LTI 1.1. '
+					. 'This secret word must match the word configured in the LMS.'
 			),
 			type => 'text'
 		},
+		'LTI{v1p3}{PlatfromID}' => {
+			var  => 'LTI{v1p3}{PlatformID}',
+			doc  => x('LMS platform ID for LTI 1.3'),
+			doc2 => x('LMS platform ID used to validate logins from an LMS using LTI 1.3.'),
+			type => 'text'
+		},
+		'LTI{v1p3}{ClientID}' => {
+			var  => 'LTI{v1p3}{ClientID}',
+			doc  => x('LMS client ID for LTI 1.3'),
+			doc2 => x('LMS client ID used to validate logins from an LMS using LTI 1.3.'),
+			type => 'text',
+		},
+		'LTI{v1p3}{DeploymentID}' => {
+			var  => 'LTI{v1p3}{DeploymentID}',
+			doc  => x('LMS deployment ID for LTI 1.3'),
+			doc2 => x('LMS deployment ID used to validate logins from an LMS using LTI 1.3.'),
+			type => 'text',
+		},
+		'LTI{v1p3}{PublicKeysetURL}' => {
+			var  => 'LTI{v1p3}{PublicKeysetURL}',
+			doc  => x('LMS public keyset URL for LTI 1.3'),
+			doc2 => x('LMS public keyset URL used to validate logins from an LMS using LTI 1.3.'),
+			type => 'text',
+		},
+		'LTI{v1p3}{AccessTokenURL}' => {
+			var  => 'LTI{v1p3}{AccessTokenURL}',
+			doc  => x('LMS access token URL for LTI 1.3'),
+			doc2 => x('LMS access token URL used to validate logins from an LMS using LTI 1.3.'),
+			type => 'text',
+		},
+		'LTI{v1p3}{AccessTokenAUD}' => {
+			var  => 'LTI{v1p3}{AccessTokenAUD}',
+			doc  => x('LMS access token AUD for LTI 1.3'),
+			doc2 => x('LMS access token AUD used to validate logins from an LMS using LTI 1.3.'),
+			type => 'text',
+		},
+		'LTI{v1p3}{AuthReqURL}' => {
+			var  => 'LTI{v1p3}{AuthReqURL}',
+			doc  => x('LMS authorization request URL for LTI 1.3'),
+			doc2 => x('LMS authorization request URL used to validate logins from an LMS using LTI 1.3.'),
+			type => 'text',
+		},
 		debug_lti_parameters => {
 			var  => 'debug_lti_parameters',
 			doc  => x('Show LTI parameters (for debugging)'),
@@ -1017,6 +1059,14 @@ sub getConfigValues ($ce) {
 			$LTIConfigValues->{'LTI{v1p3}{LMS_url}'} =
 				{ %{ delete $LTIConfigValues->{'LTI{v1p1}{LMS_url}'} }, var => 'LTI{v1p3}{LMS_url}' };
 			delete $LTIConfigValues->{'LTI{v1p1}{BasicConsumerSecret}'};
+		} else {
+			for my $key (
+				'PlatformID',     'ClientID',       'DeploymentID', 'PublicKeysetURL',
+				'AccessTokenURL', 'AccessTokenAUD', 'AuthReqURL'
+				)
+			{
+				delete $LTIConfigValues->{"LTI{v1p3}{$key}"};
+			}
 		}
 
 		push(