yesod-auth-lti13-0.2.0.2: A yesod-auth plugin for LTI 1.3
Safe Haskell: None
Language: Haskell2010

Yesod.Auth.LTI13

Description

A Yesod authentication module for LTI 1.3. See example/Main.hs for a sample implementation.

Configuration:

Integration with your site

authLTI13 :: YesodAuthLTI13 m => AuthPlugin m

Auth plugin. Add this to appAuthPlugins to enable this plugin.

authLTI13WithWidget :: YesodAuthLTI13 m => ((Route Auth -> Route m) -> WidgetFor m ()) -> AuthPlugin m

Auth plugin. The same as authLTI13 but you can provide your own template for the login hint page.

class YesodAuth site => YesodAuthLTI13 site where

Callbacks into your site for LTI 1.3

Methods

checkSeenNonce :: Nonce -> AuthHandler site Bool

Check if a nonce has been seen in the last validity period. Nonces passed to this function are expected to be stored somewhere: return False the first time a nonce is seen, and True when it is seen again. See the relevant section of the IMS security specification (http://www.imsglobal.org/spec/security/v1p0/#authentication-response-validation) for details.

retrievePlatformInfo :: (Issuer, Maybe ClientId) -> AuthHandler site PlatformInfo

Get the configuration for the given platform.

It is possible that the relation between Issuer and ClientId is 1 to n rather than 1 to 1, for instance in the case of cloud hosted Canvas. You *must* therefore key your PlatformInfo retrieval with the pair of both and throw an error if there are multiple ClientId for the given Issuer and the ClientId is Nothing.

retrieveOrInsertJwks :: IO ByteString -> AuthHandler site ByteString

Argument (IO ByteString): an IO which, if evaluated, will make a new Jwk set.

Retrieve JWKs list from the database or other store. If not present, please create a new one by evaluating the given IO, store it, and return it.
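The lookup rule stated for retrievePlatformInfo, as an added example that is not part of this package: registrations are keyed by the (Issuer, ClientId) pair, and an issuer-only lookup fails when the issuer has more than one client_id. LookupError, Registry and lookupPlatform are hypothetical names, the configuration type is left abstract, and the sample registry is constructed.

```haskell
{-# LANGUAGE OverloadedStrings #-}
import qualified Data.Map.Strict as Map
import Data.Text (Text)

-- Local aliases mirroring the Issuer and ClientId types documented on this page.
type Issuer = Text
type ClientId = Text

-- Hypothetical error type; a real retrievePlatformInfo would throw these.
data LookupError
  = UnknownPlatform Issuer (Maybe ClientId)
  | AmbiguousIssuer Issuer [ClientId]
  deriving (Eq, Show)

-- Registrations are keyed by the pair, never by issuer alone.
type Registry cfg = Map.Map (Issuer, ClientId) cfg

lookupPlatform :: Registry cfg -> (Issuer, Maybe ClientId) -> Either LookupError cfg
-- client_id supplied: exact match on the pair or fail; no fallback to
-- another registration that merely shares the issuer.
lookupPlatform reg (iss, Just cid) =
  maybe (Left (UnknownPlatform iss (Just cid))) Right (Map.lookup (iss, cid) reg)
-- client_id absent: acceptable only if the issuer has exactly one registration.
lookupPlatform reg (iss, Nothing) =
  case [ (cid, cfg) | ((i, cid), cfg) <- Map.toList reg, i == iss ] of
    []         -> Left (UnknownPlatform iss Nothing)
    [(_, cfg)] -> Right cfg
    matches    -> Left (AmbiguousIssuer iss (map fst matches))

main :: IO ()
main = do
  -- Constructed sample data: one issuer with two tenants, one with a single tenant.
  let reg = Map.fromList
        [ (("https://lms.example", "client-a"), "config for tenant A")
        , (("https://lms.example", "client-b"), "config for tenant B")
        , (("https://other.example", "client-x"), "config for other platform")
        ] :: Registry String
  print (lookupPlatform reg ("https://lms.example", Just "client-b"))
  print (lookupPlatform reg ("https://lms.example", Nothing))
  print (lookupPlatform reg ("https://other.example", Nothing))
  print (lookupPlatform reg ("https://lms.example", Just "client-z"))
```

Rejecting the ambiguous case, rather than picking the first match, keeps a launch from one tenant from being validated against another tenant's registration.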

credsExtra getters

getLtiIss :: CredsExtra -> Maybe Issuer

Gets the iss for the given credsExtra.

getLtiSub :: CredsExtra -> Maybe Issuer

Gets the sub for the given credsExtra.

getLtiToken :: CredsExtra -> Maybe LtiTokenClaims

Gets and decodes the extra token claims with the full LTI launch information from a credsExtra.

Data model

Token data

newtype LtiTokenClaims

An object representing in the type system a token whose claims have been validated.

Instances

Eq LtiTokenClaims (defined in Web.LTI13)

Show LtiTokenClaims (defined in Web.LTI13)

data ContextClaim

LTI spec § 5.4.1 context claim

Instances

Eq ContextClaim (defined in Web.LTI13)

Show ContextClaim (defined in Web.LTI13)

ToJSON ContextClaim (defined in Web.LTI13)

FromJSON ContextClaim (defined in Web.LTI13)

data LisClaim

LTI spec § D LIS claim

Constructors

LisClaim 

Fields

Instances

Eq LisClaim (defined in Web.LTI13)

Show LisClaim (defined in Web.LTI13)

ToJSON LisClaim (defined in Web.LTI13)

FromJSON LisClaim (defined in Web.LTI13)

data Role

Roles in the target context (≈ course/section); see LTI spec § A.2.2 and LTI spec § 5.3.7 for details

Instances

Eq Role (defined in Web.LTI13)

Methods

(==) :: Role -> Role -> Bool

(/=) :: Role -> Role -> Bool

Show Role (defined in Web.LTI13)

Methods

showsPrec :: Int -> Role -> ShowS

show :: Role -> String

showList :: [Role] -> ShowS

ToJSON Role (defined in Web.LTI13)

FromJSON Role (defined in Web.LTI13)

Anonymization

anonymizeLtiTokenForLogging :: UncheckedLtiTokenClaims -> AnonymizedLtiTokenClaims

Removes PII of the user from the token, retaining only information about the system in general or the context.

Fields that are Maybe are kept as Maybe, with the contents replaced with "**" if they were Just and otherwise kept as Nothing.

newtype AnonymizedLtiTokenClaims

LTI token claims from which all student data has been removed. For logging.

Auth

data PlatformInfo

Preregistered information about a learning platform

Constructors

PlatformInfo 

Fields

type Issuer = Text

Issuer/iss field

type ClientId = Text

client_id, one or more per platform; LTI spec § 3.1.3