diff --git a/conf/authen_LTI.conf.dist b/conf/authen_LTI.conf.dist index 25145c9d01..114d762f02 100644 --- a/conf/authen_LTI.conf.dist +++ b/conf/authen_LTI.conf.dist @@ -169,7 +169,9 @@ $LTIMassUpdateInterval = 86400; #in seconds # the tab will not be shown. Note that the default values for the variables that will be shown # in the LTI tab are the values that are set above. Further note that only the commented out # variables listed below may be added to the LTI config tab. In addition, only the variables that -# pertain to the active LTI version will be shown in the tab. +# pertain to the active LTI version will be shown in the tab. Warning: Allowing users to modify +# the BasicConsumerSecret for LTI 1.1 or the IDs, URLs, etc for LTI 1.3 can expose the values +# of the variables and allow users to lock themselves out of logging in via an LMS. @LTIConfigVariables = ( #'LTI{v1p1}{LMS_name}', #'LTI{v1p3}{LMS_name}', @@ -181,6 +183,13 @@ $LTIMassUpdateInterval = 86400; #in seconds #'LTIMassUpdateInterval', #'LMSManageUserData', #'LTI{v1p1}{BasicConsumerSecret}', + #'LTI{v1p3}{PlatformID}', + #'LTI{v1p3}{ClientID}', + #'LTI{v1p3}{DeploymentID}', + #'LTI{v1p3}{PublicKeysetURL}', + #'LTI{v1p3}{AccessTokenURL}', + #'LTI{v1p3}{AccessTokenAUD}', + #'LTI{v1p3}{AuthReqURL}', #'debug_lti_parameters', #'lms_context_id' ); diff --git a/lib/WeBWorK/ConfigValues.pm b/lib/WeBWorK/ConfigValues.pm index 795e2c2289..e1226ab9d8 100644 --- a/lib/WeBWorK/ConfigValues.pm +++ b/lib/WeBWorK/ConfigValues.pm @@ -923,13 +923,55 @@ sub getConfigValues ($ce) { }, 'LTI{v1p1}{BasicConsumerSecret}' => { var => 'LTI{v1p1}{BasicConsumerSecret}', - doc => x('Set the shared secret used for the LMS'), + doc => x('LMS shared secret for LTI 1.1 authentication'), doc2 => x( - 'This is a secret word that is used to validate information between WeBWorK and the LMS.' - . 'This secret word must match the word you configure in the LMS.' + 'This secret word is used to validate logins from an LMS using LTI 1.1. ' + . 'This secret word must match the word configured in the LMS.' ), type => 'text' }, + 'LTI{v1p3}{PlatfromID}' => { + var => 'LTI{v1p3}{PlatformID}', + doc => x('LMS platform ID for LTI 1.3'), + doc2 => x('LMS platform ID used to validate logins from an LMS using LTI 1.3.'), + type => 'text' + }, + 'LTI{v1p3}{ClientID}' => { + var => 'LTI{v1p3}{ClientID}', + doc => x('LMS client ID for LTI 1.3'), + doc2 => x('LMS client ID used to validate logins from an LMS using LTI 1.3.'), + type => 'text', + }, + 'LTI{v1p3}{DeploymentID}' => { + var => 'LTI{v1p3}{DeploymentID}', + doc => x('LMS deployment ID for LTI 1.3'), + doc2 => x('LMS deployment ID used to validate logins from an LMS using LTI 1.3.'), + type => 'text', + }, + 'LTI{v1p3}{PublicKeysetURL}' => { + var => 'LTI{v1p3}{PublicKeysetURL}', + doc => x('LMS public keyset URL for LTI 1.3'), + doc2 => x('LMS public keyset URL used to validate logins from an LMS using LTI 1.3.'), + type => 'text', + }, + 'LTI{v1p3}{AccessTokenURL}' => { + var => 'LTI{v1p3}{AccessTokenURL}', + doc => x('LMS access token URL for LTI 1.3'), + doc2 => x('LMS access token URL used to validate logins from an LMS using LTI 1.3.'), + type => 'text', + }, + 'LTI{v1p3}{AccessTokenAUD}' => { + var => 'LTI{v1p3}{AccessTokenAUD}', + doc => x('LMS access token AUD for LTI 1.3'), + doc2 => x('LMS access token AUD used to validate logins from an LMS using LTI 1.3.'), + type => 'text', + }, + 'LTI{v1p3}{AuthReqURL}' => { + var => 'LTI{v1p3}{AuthReqURL}', + doc => x('LMS authorization request URL for LTI 1.3'), + doc2 => x('LMS authorization request URL used to validate logins from an LMS using LTI 1.3.'), + type => 'text', + }, debug_lti_parameters => { var => 'debug_lti_parameters', doc => x('Show LTI parameters (for debugging)'), @@ -1017,6 +1059,14 @@ sub getConfigValues ($ce) { $LTIConfigValues->{'LTI{v1p3}{LMS_url}'} = { %{ delete $LTIConfigValues->{'LTI{v1p1}{LMS_url}'} }, var => 'LTI{v1p3}{LMS_url}' }; delete $LTIConfigValues->{'LTI{v1p1}{BasicConsumerSecret}'}; + } else { + for my $key ( + 'PlatformID', 'ClientID', 'DeploymentID', 'PublicKeysetURL', + 'AccessTokenURL', 'AccessTokenAUD', 'AuthReqURL' + ) + { + delete $LTIConfigValues->{"LTI{v1p3}{$key}"}; + } } push(