Examples of usage, por favor
perllaghu opened this issue · comments
I'm trying to create an LTI-provider endpoint for a Django service, and I'm finding it difficult as the documentation is .... sparse.
Are there any examples of working code available? Any further documentation?
Cheers..
The documentation is exactly as you've described it: sparse. This is something that I would love to see a pull request for, but I haven't had the time to get around to it yet.
There is documentation specific to Django and the ToolProvider's usage in the README, and apart from that the only thing remaining would be to look at the code. If you have specific questions, perhaps about something you might be missing from the README, let me know, I'll be happy to help. If you'd like to share the relevant parts of your code as a gist, I'd be happy to take a look and tell you if I'm seeing something.
One thing that I do know that you'll need to take care of is creating an OAuth validator. The documentation for that is http://oauthlib.readthedocs.io/en/latest/oauth1/validator.html. You will especially need to implement those methods that are marked as required for the SignatureOnlyEndpoint, which is what we use internally to validate an LTI request.
I hope that gives you a good starting point.
Hello,
I'm stuck in the same part of the documentation as perllaghu.
I was using the ims_lti_py lib (https://github.com/tophatmonocle/ims_lti_py) and this lib was pretty simple to use with Django:
from ims_lti_py.tool_provider import DjangoToolProvider
def view(request):
tool_provider = DjangoToolProvider('the key', 'the secret', request.POST)
try:
tool_provider.valid_request(request)
except Exception as e:
# access denied
else:
# access ok
I took a look at the oauth1 validator but I didn't found how to do the same thing with this lib.
Is it possible to add an example to do the same thing (which is the most common use case I think) ?
Regards
To create a validator, if you have 'the key' and 'the secret', as in your example above, it might look like this:
from oauthlib.oauth1 import RequestValidator
class MyRequestValidator(RequestValidator):
# enforce_ssl = True # default False
client_key_length = (3, 50)
nonce_length = (13, 50)
dummy_client = '' # Need to watch for this one
def validate_timestamp_and_nonce(*args, **kwargs):
# Validate the nonce here
return True
def validate_client_key(self, client_key, request):
return client_key == 'the key'
def get_client_secret(self, client_key, request):
# Always return a secret, even if the client key is bad.
# OAuthlib still runs the validation steps to avoid timing attacks.
return 'the secret' if client_key != self.dummy_client else '' # dummy secretThen to use it you'd say:
def view(request):
tool_provider = DjangoToolProvider.from_django_request(request)
valid = tool_provider.is_valid_request(MyRequestValidator())
# Do something now that you know whether it's valid or not.I hope that helps!
I ended up using https://github.com/ccnmtl/django-lti-provider-example
..... which was fine for me, as I was working in a django app.
Hello, thank you for your response. I am now stuck with another problem that has nothing to do with this lib. In our code we used "lti" for the name of our Django app and since this lib has the same name I cannot import it because the app is imported first. I cannot rename it easily because it is a Django app I will have to handle database migrations. So I think I'm stuck with the old lib we used...
Perhaps you might be able to move things into a namespace directory? That's what I've done for my main project, and it's working well for us.
I have found a way: I create a new app and I inject in the new app the data from the previous one.
I have tested with my use case the example you provided and it is working as expected.
I think it should be good to add this example of RequestValidator in the README examples.
Thank you again for your help !
You're most welcome! Feel free to make a pull request with the README changes you'd like to see.