yesod-auth-lti13- A yesod-auth plugin for LTI 1.3

Safe HaskellNone



A Yesod authentication module for LTI 1.3 See example/Main.hs for a sample implementation.




data PlatformInfo #

Preregistered information about a learning platform




type Issuer = Text #

Issuer/iss field

type ClientId = Text #

client_id, one or more per platform; LTI spec § 3.1.3

authLTI13 :: YesodAuthLTI13 m => AuthPlugin m Source #

Auth plugin. Add this to appAuthPlugins to enable this plugin.

authLTI13WithWidget :: YesodAuthLTI13 m => ((Route Auth -> Route m) -> WidgetFor m ()) -> AuthPlugin m Source #

Auth plugin. The same as authLTI13 but you can provide your own template for the login hint page.

class YesodAuth site => YesodAuthLTI13 site where Source #

Callbacks into your site for LTI 1.3


checkSeenNonce :: Nonce -> AuthHandler site Bool Source #

Check if a nonce has been seen in the last validity period. It is expected that nonces given to this function are stored somewhere, returning False, then when seen again, True should be returned. See the < relevant section of the IMS security specification> for details.

retrievePlatformInfo :: (Issuer, Maybe ClientId) -> AuthHandler site PlatformInfo Source #

Get the configuration for the given platform.

It is possible that the relation between Issuer and ClientId is 1 to n rather than 1 to 1, for instance in the case of cloud hosted Canvas. You *must* therefore key your PlatformInfo retrieval with the pair of both and throw an error if there are multiple ClientId for the given Issuer and the ClientId is Nothing.

retrieveOrInsertJwks Source #


:: IO ByteString

an IO which, if evaluated, will make a new Jwk set

-> AuthHandler site ByteString 

Retrieve JWKs list from the database or other store. If not present, please create a new one by evaluating the given IO, store it, and return it.

getLtiIss :: SessionMap -> Maybe Issuer Source #

Gets the iss for the given sesssion

getLtiSub :: SessionMap -> Maybe Issuer Source #

Gets the sub for the given session

getLtiToken :: SessionMap -> Maybe UncheckedLtiTokenClaims Source #

Gets and decodes the extra token claims with the full LTI launch information from a session

Signature slightly inaccurate: the claims have been checked at this stage.

newtype LtiTokenClaims #

An object representing in the type system a token whose claims have been validated.

Show LtiTokenClaims 
Instance details

Defined in Web.LTI13

data Role #

Roles in the target context (≈ course/section); see LTI spec § A.2.2 and LTI spec § 5.3.7 for details

Show Role 
Instance details

Defined in Web.LTI13


showsPrec :: Int -> Role -> ShowS #

show :: Role -> String #

showList :: [Role] -> ShowS #

ToJSON Role 
Instance details

Defined in Web.LTI13

FromJSON Role 
Instance details

Defined in Web.LTI13