celtic-project / Rating-PHP

Example LTI tool

Documentation more explained about integration between lms and rating-php

xcesaralejandro opened this issue · comments

First of all, sorry for my English.

Hi, I am new to developing with LTI and your project is very interesting, but your documentation about the correct integration between an LMS and the rating example is too unfinished.
Maybe you assume something because you have previous experience, but for many new programmers it is somewhat confusing.
Can you help me with more documentation? It can help other people.

If these questions can be answered for each item, that would be great: What is it? How can I get it?

LTI 1.3 integration:

  • Platform ID
  • Client ID
  • Deployment ID
  • Authorization server ID
  • Authentication request URL
  • Access token URL
  • Public key
  • JSON webkey URL (jku)
  • Protected
  • Properties

In config.php:
How can I build this?
define('PRIVATE_KEY', <<< EOD
-----BEGIN RSA PRIVATE KEY-----
Insert private key here
-----END RSA PRIVATE KEY-----
EOD
);

I am sorry you find my documentation incomplete. As a tool, you will need to obtain the platform ID, client ID, deployment ID, authorization server ID, authentication request URL, access token URL and public key (or JSON webkey URL) from the platform being used by your customer. The Usage section of the documentation provides an explanation of the Protected setting ("Whether launch requests from this tool consumer should only be accepted if the same GUID value is passed") and the Properties setting ("Name and value pairs for the consumer settings, such as those used to configure an API hook"). Setting the former helps to prevent a consumer key from being used by more than one platform; the latter would normally be left empty unless you are using the API hooks. The generation of secure keys is beyond the scope of this application but, if you want to use any of the LTI services with LTI 1.3, then I would suggest you look at section "3.2.1 Private Key Management" of the LTI Advantage Implementation Guide on the IMS website.

Hope that helps.

Thank you very much friend, it has helped me to clarify some doubts.

Hi Stephen Vickers,
I'm sorry to have to bother you again, but I'm going crazy, I can't visualize the rating display correctly in Canvas LMS.
I don't know if it's a configuration problem or a bug, but no matter how hard I try to configure, I only receive a connection error.

image

My tool configuration is:
image

Reference:

My platform configuration is:
image

image

OBSERVATION: Canvas does not allow me to use the JWK URL (http://localhost/ltirating/jwks.php), since the JSON it requires should not be inside keys.

  • All LTI Advantage Services are active

image
image

I'm embarrassed to have to turn to you, especially with such a long thread, but this is new to me and I'm doing my best to understand everything and thus use your amazing library in the future.

I have reviewed the code and in the connect.php file the class "RatingTool" is created in the if, but the $tool->handleRequest(); call goes directly to the error function.

Before executing handleRequest(); I have noticed that my object is missing some parameters.
[consumer] =>
[platform] =>
[returnUrl] =>
[userResult] =>
[resourceLink] =>
[context] =>
[defaultEmail] =>

Which leads me to think that I am doing something wrong in the configuration, maybe a link that should not have a certain structure.

I know from my own testing and from others that this code is working. Have you checked the log files for error messages? My suspicion is that it is a certificate issue. Canvas does allow the use of the JWKS endpoint - just change the metodo JWK option. Also make sure that you have completed all the required settings in the config.php file.

To create the RSA key I am using this online generator:
https://travistidwell.com/jsencrypt/demo/

Regarding the URL, you are absolutely right, it can be added directly in Canvas. The detail is that the default interface adds an empty JSON {} that it then tries to validate, so you have to remove those characters from the field so that it considers just the URL.

I finally have an error in my logs:
[Thu Sep 17 00:16:19.828925 2020] [php7:notice] [pid 16000:tid 1808] [client ::1:61446] [ERROR] Request failed with reason: 'Platform not found or no platform authentication request URL'\r\nSee: \r\n C:\\xampp74\\htdocs\\ltirating\\vendor\\celtic\\lti\\src\\Util.php line 160\r\n C:\\xampp74\\htdocs\\ltirating\\vendor\\celtic\\lti\\src\\Tool.php line 371\r\n C:\\xampp74\\htdocs\\ltirating\\connect.php line 35

From the description of the error I understand that the problem may be due to an incorrect redirection link, but I have taken the link from the Canvas documentation. So what can I attribute the problem to?

Canvas Doc reference

My config.php file is completed with all the requested fields, perhaps the relevant data is:
define('SIGNATURE_METHOD', 'RS256');
define('KID', 'asd123'); // A random string to identify the key value
define('PRIVATE_KEY', <Private Key obtained from online generator>);

And once again thanks for the reply Stephen

If the jwks.php endpoint is not returning a key, then this suggests that the JWT library does not support your private key. What size key are you generating? For RS256 I believe the size should be 2,048 bits. However, this key is only used for requests/messages sent from the tool, so is not used for launches from a platform, so this should not be an issue here.

Have you tried setting the log level to debug in case that provides more clues?

Your Identificacion de la herramienta setting also looks odd to me - this should be an identifier of the tool, not the platform. Try using something like ltirating.

I also think that the platform ID used by Canvas will be https://canvas.beta.instructure.com, but this should be evident from the debug-level log entries.
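
Added example, not part of the thread or of Rating-PHP: generating the 2,048-bit RSA key discussed above locally with PHP's OpenSSL extension, and building the public JWK for the same KID, so the private key never passes through a web page. The output file name `private.pem` is an assumption; `asd123` is the sample KID from the thread.

```php
<?php
// Added example: create the tool's RS256 key pair locally and derive its public JWK.
// 'private.pem' is an assumed file name; 'asd123' is the sample KID from the thread.

function b64url(string $bin): string
{
    // JWK members use unpadded base64url encoding.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function generateToolKey(int $bits = 2048): array
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $bits,
    ]);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    if (!openssl_pkey_export($key, $pem)) {
        throw new RuntimeException('Key export failed: ' . openssl_error_string());
    }
    $rsa = openssl_pkey_get_details($key)['rsa'];
    // n = modulus, e = public exponent (raw big-endian bytes).
    return ['pem' => $pem, 'n' => $rsa['n'], 'e' => $rsa['e']];
}

function publicJwk(array $key, string $kid): array
{
    // Only public members are included; the private PEM stays on the server.
    return [
        'kty' => 'RSA',
        'alg' => 'RS256',
        'use' => 'sig',
        'kid' => $kid,
        'n'   => b64url($key['n']),
        'e'   => b64url($key['e']),
    ];
}

$key = generateToolKey(2048);
file_put_contents('private.pem', $key['pem']); // value for PRIVATE_KEY in config.php
chmod('private.pem', 0600);                    // owner-only where the OS supports it
echo json_encode(['keys' => [publicJwk($key, 'asd123')]], JSON_PRETTY_PRINT), "\n";
```

If `openssl_pkey_new()` fails on a Windows install, the error string usually points at a missing `openssl.cnf`; the function accepts a `config` option with its path.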

Hi Stephen,
I have tried with all the RSA sizes and I always get the same result, but after your suggestion I have left the 2,048-bit key.

When I try to use another "Platform ID" other than https://canvas.beta.instructure.com I always get the following log:

[Thu Sep 17 10:05:07.828552 2020] [php7:notice] [pid 9656:tid 1828] [client ::1:62616] [ERROR] Request failed with reason: 'Platform not found or no platform authentication request URL'\r\nSee: \r\n C:\\xampp74\\htdocs\\vendor\\celtic\\lti\\src\\Util.php line 160\r\n C:\\xampp74\\htdocs\\vendor\\celtic\\lti\\src\\Tool.php line 371\r\n C:\\xampp74\\htdocs\\connect.php line 33

When I define it as https://canvas.beta.instructure.com I get a new error log:
[Thu Sep 17 10:39:48.031277 2020] [php7:notice] [pid 11568:tid 1832] [client ::1:63040] [DEBUG] DELETE FROM lti2_nonce WHERE expires <= :now
[Thu Sep 17 10:39:48.031277 2020] [php7:notice] [pid 11568:tid 1832] [client ::1:63040] [DEBUG] SELECT value T FROM lti2_nonce WHERE (consumer_pk = :id) AND (value = :value)
[Thu Sep 17 10:39:48.038259 2020] [php7:notice] [pid 11568:tid 1832] [client ::1:63040] [DEBUG] INSERT INTO lti2_nonce (consumer_pk, value, expires) VALUES (:id, :value, :expires)
[Thu Sep 17 10:39:48.728281 2020] [php7:notice] [pid 11568:tid 1832] [client ::1:63040] [ERROR] Request failed with reason: 'state parameter is invalid or missing'\r\nSee: \r\n C:\\xampp74\\htdocs\\vendor\\celtic\\lti\\src\\Util.php line 160\r\n C:\\xampp74\\htdocs\\vendor\\celtic\\lti\\src\\Tool.php line 371\r\n C:\\xampp74\\htdocs\\connect.php line 33

And my access log saves the following requests:
::1 - - [17/Sep/2020:10:39:48 -0300] "POST /connect.php HTTP/1.1" 200 1496 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
::1 - - [17/Sep/2020:10:39:48 -0300] "POST /connect.php HTTP/1.1" 200 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
::1 - - [17/Sep/2020:10:39:48 -0300] "GET /js/jquery.min.js HTTP/1.1" 404 1302 "http://localhost/connect.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
::1 - - [17/Sep/2020:10:40:38 -0300] "GET /admin/?id=4 HTTP/1.1" 200 7206 "http://localhost/admin/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
The jwks.php file is returning the public key
image

I have also downloaded your project again and mounted it directly in the root of my local server to avoid (localhost/ltirating/something.php). When I read the LTI specification it mentions that it requires a DNS server. Is it possible that the error arises when it is on a local server? Or should it still work?

It looks like changing the platform ID to include the https:// has fixed your original issue (platform not found). Now it is complaining about the state value which looks more like a database issue. Your error log should also include a copy of the requests you are receiving and sending so you can confirm whether the state value being received is correct. If it is, then it looks like its value is not being saved in the nonce table.

I am not aware of any special DNS requirements for LTI - where did you read about this?

My error log in debug mode does not show anything related to a request (HTTP or HTTPS query), only what I added in the comment above. The nonces are generated in the database when reloading the LTI page (a new nonce for every refresh).

image

Regarding DNS, in the LTI 1.3 spec, points:

  • 3.3.1 Tool Domain(s)
  • 3.3.2 Domain Matching

Actually, these points refer to domain matching, but when working locally I don't have a public domain configured, so I thought that this could also generate errors.

Then perhaps you are setting the debug-level logging too late in your code, hence it is not recording the HTTP requests. Did you change it in the init function in the lib.php file? You could also try adding a custom parameter named "debug" with a value of "true" to the Canvas configuration, or setting the debug option on in the admin (platform configuration) page.

Domain matching is concerned with how a platform identifies the LTI credentials to be used with an LTI launch message - it can use the domain in the launch URL to look them up.

Hi Stephen,

I had two instances of Rating LTI registered in Canvas, one in a local environment and another on a server with https. After deleting the application registered on the https server, I only have one instance of Rating LTI in Canvas (the local instance).

After the removal I checked the deployment_id of the instance that was installed (local) and I realized that the "deployment id" had changed, so I updated it in the LTI rating administration and it has worked.

Perhaps uninstalling an instance of the Canvas application has removed some internal cache that may have been interfering.

Now I get an error of type "ERROR: Unable to open session.", but this is related to the creation of the session, which depends on the configuration of the server or the version of PHP.

I really appreciate all your help, I wouldn't have done it alone or at least it would have taken me three times as long.

Stephen Vickers is my new hero.

Excellent news, thanks for using my library and LTI.
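
Added example, not part of the thread or of the library's code: a check for the two mismatches the thread ran into, a platform ID stored without `https://` and a deployment ID that changed, by comparing the parameters of an LTI 1.3 login initiation request with a stored registration. The `$registration` keys and sample values are constructed; only the Canvas issuer URL comes from the thread.

```php
<?php
// Added example: compare what a platform sends in its LTI 1.3 login initiation
// request with what the tool has stored for that platform.
// Array keys of $registration and all sample values are constructed.

function stripScheme(string $url): string
{
    return preg_replace('#^https?://#i', '', rtrim($url, '/'));
}

function diagnoseLogin(array $request, array $registration): array
{
    $problems = [];
    foreach (['iss', 'login_hint', 'target_link_uri'] as $required) {
        if (empty($request[$required])) {
            $problems[] = "missing required parameter: $required";
        }
    }
    $iss = (string) ($request['iss'] ?? '');
    if ($iss !== $registration['platform_id']) {
        $hint = stripScheme($iss) === stripScheme($registration['platform_id'])
            ? ' (same host, differs only by scheme or trailing slash)' : '';
        $problems[] = "iss '$iss' != stored platform ID '{$registration['platform_id']}'$hint";
    }
    // client_id and lti_deployment_id are optional in this request: check them when present.
    foreach (['client_id' => 'client_id', 'lti_deployment_id' => 'deployment_id'] as $param => $field) {
        if (isset($request[$param]) && (string) $request[$param] !== $registration[$field]) {
            $problems[] = "$param '{$request[$param]}' != stored $field '{$registration[$field]}'";
        }
    }
    if (empty($registration['auth_request_url'])) {
        $problems[] = 'no authentication request URL stored for this platform';
    }
    return $problems;
}

$registration = [
    'platform_id'      => 'canvas.beta.instructure.com',   // stored without scheme
    'client_id'        => '10000000000001',                // constructed
    'deployment_id'    => 'deployment-before-reinstall',   // constructed
    'auth_request_url' => 'https://lms.example/authorize', // constructed placeholder
];
$request = [
    'iss' => 'https://canvas.beta.instructure.com', 'login_hint' => 'hint-1',
    'target_link_uri' => 'http://localhost/connect.php',
    'client_id' => '10000000000001', 'lti_deployment_id' => 'deployment-after-reinstall',
];
echo implode("\n", diagnoseLogin($request, $registration)), "\n";
```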