LTI 1.3

The Setup Process.

First, the teacher needs to register the platform with us, or have an administration register the platform with us. After the our tool is added to the platform.

First, the teacher types in the Platform ID (issuer) on our site. Our site will look up to see if the issuer already exists. If it does, then we'll just ask for the Deployment ID. If it does not, then we'll need to ask for the Client ID, Public keyset URL, Access token URL, and Authentication request URL.

After that, the Deployment ID will need to be confirmed with the instructor. Possibly. Do we need to do this? It might be good, so that no other teacher gets access to their course.

The Deployment ID is used to link the LTI launch to a specific deployment (e.g. course key). I believe that if the teacher messes up with copying over the Deployment ID...... no.... A Deployment ID can be associated with an entire institution, therefore it can't be used to distinguish between courses...

So what's the point?

According to our current LTI code, the course_key is passed in through the tool URL.

Perhaps can use both. The deployment_id is given to us from the launch, and then we can confirm that the course_key exists for the deployment_id and issuer. Perhaps it's time to look at the source code.

An 'Authorization: Bearer **token**' header is sent by the tool to the platform when messages go that direction. My external Moodle installation (on natural20design.com) was ignoring the Authorization headers, and replying with a 401 Unauthorized error. I had to add the following items to .htaccess on my Moodle.

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 SetEnvIf Content-Type "(.*)" HTTP_CONTENT_TYPE=$1 SetEnvIf Accept "(.*)" HTTP_ACCEPT=$1

We will need to have other people do this as well, if there are any issues with their Moodle throwing a 401 error.