lti13-0.2.0.3: Core functionality for LTI 1.3.
Safe HaskellNone
LanguageHaskell2010

Web.LTI13

Description

A basic LTI 1.3 library. It's intended to be used by implementing routes for initiate and handleAuthResponse, and work out the associated parameters thereof.

This is written based on the LTI 1.3 specification <http://www.imsglobal.org/spec/lti/v1p3/ available from the IMS Global website>. Users will probably also find the <https://lti-ri.imsglobal.org/ LTI Reference Implementation> helpful.

Synopsis

Token contents/data model

data Role Source #

Roles in the target context (≈ course/section); see LTI spec § A.2.2 and LTI spec § 5.3.7 for details

Instances

Instances details
Eq Role Source # 
Instance details

Defined in Web.LTI13

Methods

(==) :: Role -> Role -> Bool #

(/=) :: Role -> Role -> Bool #

Show Role Source # 
Instance details

Defined in Web.LTI13

Methods

showsPrec :: Int -> Role -> ShowS #

show :: Role -> String #

showList :: [Role] -> ShowS #

ToJSON Role Source # 
Instance details

Defined in Web.LTI13

FromJSON Role Source # 
Instance details

Defined in Web.LTI13

data LisClaim Source #

LTI spec § D LIS claim

Constructors

LisClaim 

Fields

Instances

Instances details
Eq LisClaim Source # 
Instance details

Defined in Web.LTI13

Show LisClaim Source # 
Instance details

Defined in Web.LTI13

ToJSON LisClaim Source # 
Instance details

Defined in Web.LTI13

FromJSON LisClaim Source # 
Instance details

Defined in Web.LTI13

newtype LtiTokenClaims Source #

An object representing in the type system a token whose claims have been validated.

Instances

Instances details
Eq LtiTokenClaims Source # 
Instance details

Defined in Web.LTI13

Show LtiTokenClaims Source # 
Instance details

Defined in Web.LTI13

Anonymizing tokens for logging

newtype AnonymizedLtiTokenClaims Source #

LTI token claims from which all student data has been removed. For logging.

anonymizeLtiTokenForLogging :: UncheckedLtiTokenClaims -> AnonymizedLtiTokenClaims Source #

Removes PII of the user from the token, retaining only information about the system in general or the context.

Fields that are Maybe are kept as Maybe, with the contents replaced with "**" if they were Just and otherwise kept as Nothing.

Validation and auth

data LTI13Exception Source #

(most of) the exceptions that can arise in LTI 1.3 handling. Some may have been forgotten, and this is a bug that should be fixed.

Constructors

InvalidHandshake Text

Error in the handshake format

DiscoveryException Text 
GotHttpException HttpException 
InvalidLtiToken Text

Token validation error. Per Security § 5.1.3 if you get this, you should return a 401.

data PlatformInfo Source #

Preregistered information about a learning platform

Constructors

PlatformInfo 

Fields

type Issuer = Text Source #

Issuer/iss field

type ClientId = Text Source #

client_id, one or more per platform; LTI spec § 3.1.3

data SessionStore (m :: Type -> Type) #

Manages state and nonce. (Maybe OIDC should have them)

Constructors

SessionStore 

Fields

data AuthFlowConfig m Source #

Structure you have to provide defining integration points with your app

Constructors

AuthFlowConfig 

Fields

type RequestParams = Map Text Text Source #

Parameters to a request, either in the URL with a GET or in the body with a POST

initiate :: MonadIO m => AuthFlowConfig m -> RequestParams -> m (Issuer, ClientId, Text) Source #

Makes the URL for IMS Security spec § 5.1.1.2 upon the § 5.1.1.1 request coming in

Returns (Issuer, RedirectURL).