Merge pull request #2352 from drgrice1/lti-1.3-audience-hotfix

pstaabp · web-flow · commit ce77ae51c162 · 2024-03-13T16:00:23.000-04:00
Separate the LTI 1.3 audience and URL and correct iss claim (hotfix of #2342)
diff --git a/conf/authen_LTI_1_3.conf.dist b/conf/authen_LTI_1_3.conf.dist
@@ -100,6 +100,7 @@ $LTI{v1p3}{ClientID}        = '';
 $LTI{v1p3}{DeploymentID}    = '';
 $LTI{v1p3}{PublicKeysetURL} = '';
 $LTI{v1p3}{AccessTokenURL}  = '';
+$LTI{v1p3}{AccessTokenAUD}  = '';
 $LTI{v1p3}{AuthReqURL}      = '';
 
 # In the process of LTI 1.3 authentication a request is sent to the LMS in response to its
diff --git a/lib/WeBWorK/Authen/LTIAdvantage.pm b/lib/WeBWorK/Authen/LTIAdvantage.pm
@@ -205,9 +205,9 @@ sub get_credentials ($self) {
 	}
 
 	# Get the target_link_uri from the claims.
-	$c->stash->{LTILauncRedirect} = $claims->{'https://purl.imsglobal.org/spec/lti/claim/target_link_uri'};
+	$c->stash->{LTILaunchRedirect} = $claims->{'https://purl.imsglobal.org/spec/lti/claim/target_link_uri'};
 
-	unless (defined $c->stash->{LTILauncRedirect}) {
+	unless (defined $c->stash->{LTILaunchRedirect}) {
 		$self->{error} = $c->maketext(
 			'There was an error during the login process.  Please speak to your instructor or system administrator.');
 		warn 'LTI is not properly configured (failed to obtain target_link_uri). '
@@ -218,7 +218,7 @@ sub get_credentials ($self) {
 
 	# Get the courseID from the target_link_uri and verify that it is the same as the one that was in the state.
 	my $location = $c->location;
-	my $target   = $c->url_for($c->stash->{LTILauncRedirect})->path;
+	my $target   = $c->url_for($c->stash->{LTILaunchRedirect})->path;
 	my $courseID;
 	$courseID = $1 if $target =~ m|$location/([^/]*)|;
 
diff --git a/lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm b/lib/WeBWorK/Authen/LTIAdvantage/SubmitGrade.pm
@@ -137,8 +137,8 @@ async sub get_access_token ($self) {
 	my $jwt = eval {
 		encode_jwt(
 			payload => {
-				aud => $ce->{LTI}{v1p3}{AccessTokenURL},
-				iss => $c->url_for('root')->to_abs->to_string,
+				aud => $ce->{LTI}{v1p3}{AccessTokenAUD},
+				iss => $ce->{LTI}{v1p3}{ClientID},
 				sub => $ce->{LTI}{v1p3}{ClientID},
 				jti => $private_key->{kid}
 			},
diff --git a/lib/WeBWorK/ContentGenerator/LTIAdvantage.pm b/lib/WeBWorK/ContentGenerator/LTIAdvantage.pm
@@ -24,7 +24,7 @@ sub login ($c) {
 }
 
 sub launch ($c) {
-	return $c->redirect_to($c->systemLink($c->url_for($c->stash->{LTILauncRedirect})));
+	return $c->redirect_to($c->systemLink($c->url_for($c->stash->{LTILaunchRedirect})));
 }
 
 sub keys ($c) {

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ sub login ($c) {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`sub launch ($c) {`
`27`		`- return $c->redirect_to($c->systemLink($c->url_for($c->stash->{LTILauncRedirect})));`
	`27`	`+ return $c->redirect_to($c->systemLink($c->url_for($c->stash->{LTILaunchRedirect})));`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`sub keys ($c) {`