Safe Haskell | None |
---|---|
Language | Haskell2010 |
A Yesod authentication module for LTI 1.3
See example/Main.hs for a sample implementation.
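Configuration (the URLs below are for the example running on localhost; a deployed tool would use its own public HTTPS URLs instead):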
- Login initiation URL: http://localhost:3000/auth/page/lti13/initiate
- JWKs URL: http://localhost:3000/auth/page/lti13/jwks
- Tool link URL: http://localhost:3000
Synopsis
- authLTI13 :: YesodAuthLTI13 m => AuthPlugin m
- authLTI13WithWidget :: YesodAuthLTI13 m => ((Route Auth -> Route m) -> WidgetFor m ()) -> AuthPlugin m
- class YesodAuth site => YesodAuthLTI13 site where
- checkSeenNonce :: Nonce -> AuthHandler site Bool
- retrievePlatformInfo :: (Issuer, Maybe ClientId) -> AuthHandler site PlatformInfo
- retrieveOrInsertJwks :: IO ByteString -> AuthHandler site ByteString
- getLtiIss :: CredsExtra -> Maybe Issuer
- getLtiSub :: CredsExtra -> Maybe Issuer
- getLtiToken :: CredsExtra -> Maybe LtiTokenClaims
- newtype LtiTokenClaims = LtiTokenClaims {}
- data UncheckedLtiTokenClaims = UncheckedLtiTokenClaims {
- messageType :: Text
- ltiVersion :: Text
- deploymentId :: Text
- targetLinkUri :: Text
- roles :: [Role]
- email :: Maybe Text
- displayName :: Maybe Text
- firstName :: Maybe Text
- lastName :: Maybe Text
- context :: Maybe ContextClaim
- lis :: Maybe LisClaim
- data ContextClaim = ContextClaim {
- contextId :: Text
- contextLabel :: Maybe Text
- contextTitle :: Maybe Text
- data LisClaim = LisClaim {}
- data Role
- anonymizeLtiTokenForLogging :: UncheckedLtiTokenClaims -> AnonymizedLtiTokenClaims
- newtype AnonymizedLtiTokenClaims = AnonymizedLtiTokenClaims UncheckedLtiTokenClaims
- data PlatformInfo = PlatformInfo {}
- type Issuer = Text
- type ClientId = Text
- type Nonce = ByteString
Integration with your site
authLTI13 :: YesodAuthLTI13 m => AuthPlugin m Source #
Auth plugin. Add this to appAuthPlugins to enable this plugin.
authLTI13WithWidget :: YesodAuthLTI13 m => ((Route Auth -> Route m) -> WidgetFor m ()) -> AuthPlugin m Source #
Auth plugin. The same as authLTI13, but you can provide your own template for the login hint page.
class YesodAuth site => YesodAuthLTI13 site where Source #
Callbacks into your site for LTI 1.3
checkSeenNonce :: Nonce -> AuthHandler site Bool Source #
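Check whether a nonce has already been seen within the last validity period. This check is what rejects a replayed token: the first time a nonce is given to this function it is expected to be stored somewhere and False returned; when the same nonce is seen again, True should be returned. The lookup and the store should happen as one atomic operation, so that two concurrent requests carrying the same nonce cannot both get False. See the relevant section of the IMS security specification for details: http://www.imsglobal.org/spec/security/v1p0/#authentication-response-validation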
retrievePlatformInfo :: (Issuer, Maybe ClientId) -> AuthHandler site PlatformInfo Source #
Get the configuration for the given platform.
It is possible that the relation between Issuer and ClientId is 1 to n rather than 1 to 1, for instance in the case of cloud-hosted Canvas. You *must* therefore key your PlatformInfo retrieval on the pair of both, and throw an error if the ClientId is Nothing and there are multiple ClientIds for the given Issuer. Choosing one of them arbitrarily would mean checking a token against the configuration of a registration it may not belong to.
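retrieveOrInsertJwks :: IO ByteString -> AuthHandler site ByteString
Retrieve the JWKs list from the database or other store. If none is present, create a new one by evaluating the given IO action, store it, and return it. The stored value may include private key material; if it does, protect it like any other secret.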
credsExtra getters
getLtiToken :: CredsExtra -> Maybe LtiTokenClaims Source #
Gets and decodes the extra token claims, which carry the full LTI launch information, from a credsExtra.
Data model
Token data
newtype LtiTokenClaims #
An object representing in the type system a token whose claims have been validated.
Instances
Eq LtiTokenClaims | |
Defined in Web.LTI13 (==) :: LtiTokenClaims -> LtiTokenClaims -> Bool # (/=) :: LtiTokenClaims -> LtiTokenClaims -> Bool # | |
Show LtiTokenClaims | |
Defined in Web.LTI13 showsPrec :: Int -> LtiTokenClaims -> ShowS # show :: LtiTokenClaims -> String # showList :: [LtiTokenClaims] -> ShowS # |
data UncheckedLtiTokenClaims #
LTI-specific claims on a token. You should not accept this type in your own functions; prefer the newtype LtiTokenClaims, which has had checking performed on it.
UncheckedLtiTokenClaims | |
|
Instances
Eq UncheckedLtiTokenClaims | |
Defined in Web.LTI13 | |
Show UncheckedLtiTokenClaims | |
Defined in Web.LTI13 showsPrec :: Int -> UncheckedLtiTokenClaims -> ShowS # show :: UncheckedLtiTokenClaims -> String # showList :: [UncheckedLtiTokenClaims] -> ShowS # | |
ToJSON UncheckedLtiTokenClaims | |
Defined in Web.LTI13 | |
FromJSON UncheckedLtiTokenClaims | |
Defined in Web.LTI13 |
data ContextClaim #
LTI spec § 5.4.1 context claim
ContextClaim | |
|
Instances
Eq ContextClaim | |
Defined in Web.LTI13 (==) :: ContextClaim -> ContextClaim -> Bool # (/=) :: ContextClaim -> ContextClaim -> Bool # | |
Show ContextClaim | |
Defined in Web.LTI13 showsPrec :: Int -> ContextClaim -> ShowS # show :: ContextClaim -> String # showList :: [ContextClaim] -> ShowS # | |
ToJSON ContextClaim | |
Defined in Web.LTI13 toJSON :: ContextClaim -> Value # toEncoding :: ContextClaim -> Encoding # toJSONList :: [ContextClaim] -> Value # toEncodingList :: [ContextClaim] -> Encoding # | |
FromJSON ContextClaim | |
Defined in Web.LTI13 parseJSON :: Value -> Parser ContextClaim # parseJSONList :: Value -> Parser [ContextClaim] # |
LTI spec § D LIS claim
LisClaim | |
|
Roles in the target context (≈ course/section); see LTI spec § A.2.2 and LTI spec § 5.3.7 for details
Anonymization
newtype AnonymizedLtiTokenClaims #
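LTI token claims from which all student data has been removed. For logging: use this type in log output instead of UncheckedLtiTokenClaims, which carries fields such as email, displayName, firstName and lastName.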
Instances
Eq AnonymizedLtiTokenClaims | |
Defined in Web.LTI13 | |
Show AnonymizedLtiTokenClaims | |
Defined in Web.LTI13 showsPrec :: Int -> AnonymizedLtiTokenClaims -> ShowS # show :: AnonymizedLtiTokenClaims -> String # showList :: [AnonymizedLtiTokenClaims] -> ShowS # |
Auth
data PlatformInfo #
Preregistered information about a learning platform
PlatformInfo | |
|
client_id, one or more per platform; LTI spec § 3.1.3
type Nonce = ByteString #