eduplex-api / cake-api-lti
LTI plugin for CakePHP
0.1.14
2024-08-07 10:00 UTC
Requires
- php: >=7.2
- ext-json: *
- cakephp/cakephp: ^4.3
- cakephp/migrations: ^3.2
- ct-imsglobal/lti-1p3-tool: 0.1.6
- firebase/php-jwt: 5.*
- freefri/cake-rest-api: ^0.5.18
Requires (Dev)
- freefri/cake-rest-api-fake-app: ^0.1.3
- phpunit/phpunit: ^8.5 || ^9.3
README
LTI implementation
Works with
CakePHP Plugin to run on top of cake-rest-api.
Setup
Some settings need to be exchanged manually between Platform and Tool.
Settings provided from the tool:
- Tool URL: https://www.example.com/launch/
- Initiate login URL
Platform.LTI.toolLoginUrl
: https://www.example.com/login/ - Redirection URL(S)
Platform.LTI.toolRedirectionUrl
: https://www.example.com/launch/ - Public Keyset URL
Platform.LTI.toolKeysetUrl
: https://www.example.com/jwks/
Settings provided from the Platform:
- Platform ID/URL: https://www.example.com/api/v3/lti/platform
- Client ID
Platform.LTI.clientId
: xxxxxxxx-yyyy-xxxx-yyyy-xxxxxxxxxxxx - Deployment ID
Platform.LTI.deploymentId
: xxxxxxxx-yyyy-xxxx-yyyy-xxxxxxxxxxxx - Public keyset URL https://www.example.com/api/v3/lti/platform/jwks
- Access token URL https://www.example.com/api/v3/lti/platform/token
- Authentication request URL https://www.example.com/api/v3/lti/platform/login
In the Platform Config settings, we should store the config values, to be accessible via Configure::read('Platform.LTI.<…>')
.
An RSA private key must be generated and stored in the .env RSA_PRIVATE_KEY_BASE64
:
openssl ecparam -name prime256v1 -genkey -noout -out private.key
openssl ec -in private.key -pubout -out public.pem
echo "RSA_PRIVATE_KEY_BASE64=" && base64 -w 9999 private.key
Openapi documentation
Swagger UI in /api/v3/lti/openapi/
Demo Tool workflow
Here is a flowchart of the launch process:
sequenceDiagram
title LTI demo launch flow
participant User as User
participant Platform as LTI Platform<br>(Tool Consumer)
participant Tool as LTI Tool<br>(Tool Provider)
User->>Platform: Access Tool via iframe
Platform->>Tool: Render iframe in loginUrl
Note right of Tool: Params: <br> iss <br> lti_deployment_id <br> client_id <br> target_link_uri (redirect URI)
Tool->>Tool: do_oidc_login_redirect()
Tool->>Platform: Redirect to Platform loginUrl(client_id, redirect_uri)
Note left of Platform: Params: <br> scope <br> response_type <br> response_mode <br> prompt <br> client_id <br> redirect_uri <br> state <br> nonce
Platform->>Tool: Post form to redirect_uri
Note right of Tool: Params: <br> state <br> id_token (JWT)
Tool->>Tool: Validate JWT (LtiMessageLaunch)
License
The source code for the site is licensed under the MIT license, which you can find in the LICENSE file.