lti13: Core functionality for LTI 1.3.

[ lgpl, library, web ] [ Propose Tags ] [ Report a vulnerability ]

A library implementing the core LTI 1.3 authentication protocol, suitable for use in implementing libraries for any web framework. An example use is https://hackage.haskell.org/package/yesod-auth-lti13


[Skip to Readme]

Modules

[Index] [Quick Jump]

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

Versions [RSS] 0.1.1.0, 0.1.2.0, 0.1.2.1, 0.1.2.2, 0.2.0.0, 0.2.0.1, 0.2.0.2, 0.2.0.3, 0.3.0.0
Change log CHANGELOG.md
Dependencies aeson (>=1.4.7 && <1.5), base (>=4.12.0 && <5), bytestring (>=0.10.10 && <0.11), containers (>=0.6.2 && <0.7), http-client (>=0.6.4 && <0.7), http-types (>=0.12.3 && <0.13), jose-jwt (>=0.8.0 && <0.9), oidc-client (>=0.5.1 && <0.6), safe-exceptions (>=0.1.7 && <0.2), text (>=1.2.4 && <1.3) [details]
License LGPL-3.0-only
Author Jade
Maintainer Jade <software at lfcode dot ca>
Category Web
Bug tracker https://github.com/lf-/lti13/issues
Source repo head: git clone https://github.com/lf-/lti13
Uploaded by jade at 2020-09-16T20:06:35Z
Distributions
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 1410 total (24 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2020-09-16 [all 1 reports]

Readme for lti13-0.1.2.1

[back to package description]

lti13

This is a minimal implementation of LTI 1.3 authentication for Haskell. It supports performing LTI launches and getting most of the interesting fields of the resource link request.

This library is intended to be used in developing integrations with web frameworks, although it can be used directly. A sample integration is yesod-auth-lti13.

Correct usage

Client code is expected to maintain a CSRF token, the state parameter, in session storage and check it is the same as the one from handleAuthResponse, failing authentication if it is not. Future versions of the library may introduce a mandatory callback to ensure clients do this. For an example of this, see the yesod-auth-lti13 sources.