[Question] Correct way to overwrite Tool class and call LTI Advantage services about lti-php HOT 12 CLOSED

Thanks for the enquiry. For more details on the class properties, I recommend you review the class definition documentation referenced on the Usage page in the documentation on this site (https://github.com/celtic-project/LTI-PHP/wiki/Usage). You will see that consumer is deprecated in favour of platform to reflect the new terminology introduced by IMS.

As far as the context is concerned, make sure that your platform is supplying the context_id parameter in its launch message. If it does not, the context cannot be used because it is not being defined. You can, however, use the ResourceLink->getMemberships() method instead.

from lti-php.

Thanks for clarifying the first point. Regarding the second I am getting context_type and context_id from the jwt inside the lti_message_hint parameter.

I have tried calling $this->resourceLink->getMemberships() in the onLaunch() method but I get false (When I tried to get the list of members from the context still I got a false and not a null).

I have also registered the following api hook in the constructor of the Tool class override.
ResourceLink::registerApiHook(ApiHook::$MEMBERSHIPS_SERVICE_HOOK, 'canvas', 'celtic\lti\ApiHook\canvas\CanvasApiResourceLink');

After installing his test application "Rating LTI" I told him that I had problems with the sessions, the reason was that in chrome the cookies are being blocked by the new security policy and the sessions depend on the cookies, I tried a solution with session_set_cookie_params() and a .htaccess but I couldn't fix it. Is it possible that I cannot access the members due to some browser restriction? In any case, I have tried in other browsers and I still get a false.

from lti-php.

The lti_message_hint parameter is intended to be opaque to a tool and so will not be used to obtain a context's ID; this is obtained from the context_id parameter (or the https://purl.imsglobal.org/spec/lti/claim/context/id claim in LTI 1.3).

Does the user list option work for you in the Rating app? What errors are being logged when you try to make requests to the Memberships service? Set the logging level to debug to also capture successful service requests. Perhaps your platform is not offering the Membership service to your tool, and/or your API hook is not properly configured. I can confirm that the user list is working in the Rating app.

from lti-php.

To help with the same site cookie issue, try setting the session.cookie_samesite configuration option.

from lti-php.

You could also check what response you get from the hasMembershipsService() method of the Context and ResourcLink objects.

from lti-php.

Hi Stephen,
Once again I want to thank you for the time you take to help me, regarding what was discussed:

1. I have checked the jwt that comes in id_token and it does not bring a context_id key as such, but it does have a https://purl.imsglobal.org/spec/lti/claim/context key that provides information such as id, label, title, among others.

2. I have tried and both $this->resourceLink->hasMembershipsService() and $this->context->hasMembershipsService() have returned a True.

3. In the Rating application I cannot see the list of users either "Your course does not appear to offer the ability to access a list of groups, or there is none to be accessed."
   These are all the logs generated when pressing the "Show user list" button:

[Tue Sep 29 16:59:52.085201 2020] [php7:notice] [pid 1960:tid 1832] [client ::1:49605] [DEBUG] SELECT resource_link_pk, context_pk, consumer_pk, title, lti_resource_link_id, settings, primary_resource_link_pk, share_approved, created, updated FROM lti2_resource_link WHERE (resource_link_pk = :id), referer: https://localhost/clean_integration/
[Tue Sep 29 16:59:52.086245 2020] [php7:notice] [pid 1960:tid 1832] [client ::1:49605] [DEBUG] SELECT c.consumer_name, r.resource_link_pk, r.title, r.share_approved FROM lti2_resource_link r INNER JOIN lti2_consumer c ON r.consumer_pk = c.consumer_pk WHERE (r.primary_resource_link_pk = :id1) UNION SELECT c2.consumer_name, r2.resource_link_pk, r2.title, r2.share_approved FROM lti2_resource_link r2 INNER JOIN lti2_context x ON r2.context_pk = x.context_pk INNER JOIN lti2_consumer c2 ON x.consumer_pk = c2.consumer_pk WHERE (r2.primary_resource_link_pk = :id2) ORDER BY consumer_name, title, referer: https://localhost/clean_integration/
[Tue Sep 29 16:59:52.087237 2020] [php7:notice] [pid 1960:tid 1832] [client ::1:49605] [DEBUG] SELECT context_pk, consumer_pk, title, lti_context_id, type, settings, created, updated FROM lti2_context WHERE (context_pk = :id), referer: https://localhost/clean_integration/
[Tue Sep 29 16:59:52.088234 2020] [php7:notice] [pid 1960:tid 1832] [client ::1:49605] [DEBUG] SELECT consumer_pk, name, consumer_key, secret, platform_id, client_id, deployment_id, public_key, lti_version, signature_method, consumer_name, consumer_version, consumer_guid, profile, tool_proxy, settings, protected, enabled, enable_from, enable_until, last_access, created, updated FROM lti2_consumer WHERE consumer_pk = :id, referer: https://localhost/clean_integration/
[Tue Sep 29 16:59:52.100819 2020] [php7:notice] [pid 1960:tid 1832] [client ::1:49605] [DEBUG] SELECT scopes, token, expires, created, updated FROM lti2_access_token WHERE (consumer_pk = :consumer_pk), referer: https://localhost/clean_integration/

On the other hand I have tried many configurations for cookies and nothing has worked for me, the browser (chrome) always ended up blocking cookies no matter what configuration I used (In some sites it is mentioned that if secure is set to true, the required SSL certificate is skip for localhost).
Finally I have installed an SSL certificate (Self-signed certificate) and it has fixed all my problems together with a runtime configuration with session_set_cookie_params();, although the configuration can be applied directly in php.ini

For your Rating application I have added the following configuration at the beginning of the connect.php file, together with the SSL certificate it has worked in chrome (I will mention it in case someone has the same problem in the future):

session_set_cookie_params([
    'lifetime' => time()+1200, 
    'path' => '/',
    'domain' => $_SERVER['SERVER_NAME'],
    'secure' => true, 
    'httponly' => false,
    'samesite' => 'None'
]);

from lti-php.

So the issue does not appear to be related to the absence of a Context ID. But your log files show no record of any service request being made to the platform, so perhaps there is a database issue. Is any of the Rating app working - e.g. adding items as an instructor, rating items as a student? Does the platform receive any entries in its gradebook? I would suggest removing the API hook integration for now to eliminate this as the cause. You could also see if it is working with LTI 1.1.

from lti-php.

In LTI 1.1 no rows are recorded in the gradebook and I also do not get the list of users, even if I disable the api hook. In the platform all services are active and public.

Still there is some strange behavior, so I will contextualize it a bit more regarding how I have the LTI configured.
First of all I am working with LTI 1.3, and it has two defined locations ("Course Navigation" and "Resource Selection").

When I want to add RatingLTI as a new resource within the course, the tools installed to select the type of resource are listed in canvas, when I select RatingLTI it does not open an options panel or configure the default URL to add the resource, by default I directly open the application in a preview of "settings".

Omitting the last detail, the application can be added with the url manually

And the resource is created within the course, but when trying to enter I get the following error:
"Could not find valid configurations for this link"

I can only access Rating LTI from the course menu access, and as an instructor, since if I try to enter as a student I get a completely blank screen (Accessing from the course navigation menu, from the previously created resource it does not allow me to enter , still send me an error message).

When we talk about integrating the LTI as 1.0 / 1.1 / 2.0, the problems mentioned above do not appear to add the tool as one more resource of the course, I can create items as an instructor, rate them as a student and see the rating as an instructor.
The only problems are those mentioned above, no records are created in the grade book and I can't see the list of members either.
"Your course does not appear to offer the ability to access a list of users."

from lti-php.

Are you sure that endpoints for the Outcomes-related and Memberships-related services are being passed through in the launch messages? If you are not seeing any attempts to make a service request (obtain an access token in the case of LTI 1.3) in your log files then it suggests that no endpoints are being made available, or there is some other configuration issue (but less likely if you're getting the same behaviour with LTI 1.1).

from lti-php.

1. I am currently receiving a valid URL in context_memberships_url, it looks like this: https://xxxxx.beta.instructure.com/api/lti/courses/xxx/names_and_roles, when I open it in the browser I get a response invalid user, but it's obvious because I'm not passing a credential to him.

2. On the other hand, I am creating a clean connection file to consume the lti and lti adventage services, better understand their operation and thus better understand why I don't get a result in your library.

I am using your code as a guide and I have realized that to obtain the id_token in the tool you are using a self-submitting form with javascript sendForm() something similar to what you see in the IMS example.
Why don't you use an HTTP library like Guzzle?

I have tried with Guzzle, but I get the following when swapping the data to get id_token:

[utf8] => ✓
 [authenticity_token] => y+XXXXrMXsrIzis9Im+3+0WYj6ngB6WF/pXXExDLmEb5tFVS8pk6g6S/X25wCfy9F9/9gtTq9/3I9zBhdKiCdQ==
 [error] => login_required
 [error_description] => Must have an active user session
 [state] => XcyB88pk

When doing it through a self-submitting form I receive the id_token without problems, but when using an HTTP client not, even if I enable redirects. Why does this happen?

3. Why when using your Rating LTI application and configuring it as LTI 1.3 it does not work as a resource within the course, but it does in version 1.0 / 1.1 / 1.3?

Once again, thank you very much for all your help.

from lti-php.

Re 2 - the id_token is passed to the tool via the browser, so no need for the use of an HTTP library as it is not the tool which is generating or sending it.

Re 3 - if you have it working for earlier versions of LTI, then I suspect that you have a configuration issue with the LTI 1.3 credentials. If you have set the log level to debug, then your log files should record all the messages being received and sent so should give you an indication of where the error is arising.

from lti-php.

I trust this is now working for you so I will close the issue.

from lti-php.