lti13: Core functionality for LTI 1.3

[ lgpl, library, web ] [ Propose Tags ]

A library implementing the core LTI 1.3 authentication protocol, suitable for use in implementing libraries for any web framework. An example use is

[Skip to Readme]


[Index] [Quick Jump]


Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees


Versions [RSS],,,,,,,,
Change log
Dependencies aeson (>=2 && <2.2), base (>=4.12.0 && <5), bytestring (>=0.10.10 && <0.12), containers (>=0.6.2 && <0.7), http-client (>=0.6.4 && <0.8), http-types (>=0.12.3 && <0.13), jose-jwt (>=0.8.0 && <0.10), oidc-client (>=0.7 && <0.8), safe-exceptions (>=0.1.7 && <0.2), text (>=1.2.4 && <1.3 || >=2.0 && <2.1) [details]
License LGPL-3.0-only
Author Jade Lovelace
Maintainer Jade Lovelace <software at lfcode dot ca>
Category Web
Home page
Bug tracker
Source repo head: git clone
Uploaded by jade at 2022-11-24T07:45:48Z
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 1278 total (24 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2022-11-24 [all 1 reports]

Readme for lti13-

[back to package description]


This is a minimal implementation of LTI 1.3 authentication for Haskell. It supports performing LTI launches and getting most of the interesting fields of the resource link request.

This library is intended to be used in developing integrations with web frameworks, although it can be used directly. A sample integration is yesod-auth-lti13.

Correct usage

Client code is expected to maintain a CSRF token, the state parameter, in session storage and check it is the same as the one from handleAuthResponse, failing authentication if it is not. Future versions of the library may introduce a mandatory callback to ensure clients do this. For an example of this, see the yesod-auth-lti13 sources.