LTI™ 1.3 Advantage primer

​

​

​

claude.vervoort@(cengage|gmail).com

https://creativecommons.org/licenses/by/4.0/

LTI is a trademark of 1edTech

LTI Advantage = LTI 1.3 + 3 services

lti13 uses asymetric keys

​

​

​

​

public key (jwks_uri)

lti13 messages are OpenId idtoken

​

​

​

​

JWS

signed JWT

lti13 launches are OpenId authentication

​

​

​

​

1. LMS -> Tool: “hello, I’m LMS x, someone wants to access your tool”
2. Tool -> LMS: “Ok, tell me who is knocking”
3. LMS: Ok this is a registered app, and a registered auth redirect: I know you, so i’ll tell you
4. LMS->Tool: sends the id_token (LTI message) to the tool’s endpoint: this is Jane, a student in course…
5. Tool: is this coming from the LMS x? Verify signature (and state) using the LMS x Keyset: ok I trust that statement
6. Tool: proceed to actual Tool UI (show resource/deep link/…) so I show the page Jane’s is expecting

openId + LTI

​

{

"iss": "https://platform.example.org",

"sub": "a6d5c443-1f51-4783-ba1a-7686ffe3b54a",

"aud": ["962fa4d8-bcbf-49a0-94b2-2de05ad274af"],

"exp": 1510185728,

"iat": 1510185228,

"azp": "962fa4d8-bcbf-49a0-94b2-2de05ad274af",

"nonce": "fc5fdc6d-5dd6-47f4-b2c9-5d1216e9b771",

"name": "Ms Jane Marie Doe",

"given_name": "Jane",

"family_name": "Doe",

"middle_name": "Marie",

"picture": "http://example.org/jane.jpg",

"email": "jane@example.org",

"locale": "en-US",

"https://purl.imsglobal.org/spec/lti/claim/deployment_id":

"07940580-b309-415e-a37c-914d387c1150",

"https://purl.imsglobal.org/spec/lti/claim/message_type":

"LtiResourceLinkRequest",

"https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0",

"https://purl.imsglobal.org/spec/lti/claim/roles": [

"http://purl.imsglobal.org/vocab/lis/v2/institution/person#Student",

"http://purl.imsglobal.org/vocab/lis/v2/membership#Learner"

],

"https://purl.imsglobal.org/spec/lti/claim/target_link_uri": "https://mytool.io/quiz1",

"https://purl.imsglobal.org/spec/lti/claim/resource_link": {

"id": "200d101f-2c14-434a-a0f3-57c2a42369fd",

"description": "Assignment to introduce who you are",

"title": "Introduction Assignment"

},

​

​

"https://purl.imsglobal.org/spec/lti/claim/context": {

"id": "c1d887f0-a1a3-4bca-ae25-c375edcc131a",

"label": "ECON 1010",

"title": "Economics as a Social Science",

"type": ["CourseOffering"]

},

"https://purl.imsglobal.org/spec/lti/claim/tool_platform": {

"contact_email": "support@example.org",

"product_family_code": "example.org",

"version": "1.0"

},

"https://purl.imsglobal.org/spec/lti/claim/launch_presentation": {

"document_target": "iframe",

"height": 320,

"width": 240,

"return_url": "http://example.org/return"

},

"https://purl.imsglobal.org/spec/lti/claim/custom": {

"myCustomValue": "123"

},

"https://purl.imsglobal.org/spec/lti-ags/claim/endpoint": {

"scope": [

"https://purl.imsglobal.org/spec/lti-ags/scope/lineitem",

"https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly",

"https://purl.imsglobal.org/spec/lti-ags/scope/score"],

"lineitems": "https://mylms/lti/courses/3606276/lineitems",

"lineitem": "https://mylms/lti/courses/3606276/lineitems/321",

},

}

lti13 services uses Oauth2 client credentials

​

​

​

​

get access token

lti13 services define scopes

​

​

​

​

access tokens must always be scoped

​

​

​

​

lti13 is multi-tenant

​

​

​

registered

CapricaU

CapricaU account

deployed (deployment_id)

platform

(Iss, 19109, LTI DeploymentId) -> Tool Account

(Iss, 333993, 3378) -> Tool Account

Moodle -> Scope of Deployment is the Site

Brightspace -> Scope of Deployment is the Org

Org: site,dept, class

A tool should favor a 1-many relationship between lti deployments and an account.

​

(iss, client_id, lti-deployment_id) -> account

​

​

issuer: myunilms.edu (iss)

registration : cengage (client_id A)

registration : turn it in (client_id B)

Registration (iss, client_id)

Institution (myunilms Math Dept)

Institution (myunilms English Dept)

the

lti advantage

services

​

​

​

Deep Linking, the LTI advantage flow

​

“The very first launch is always a deep linking request”

deepLinkingRequest

resourceLinkRequest

RESOURCE

LINK

Deep Linking, (pick, search, create) and add

"https://purl.imsglobal.org/spec/lti/claim/message_type":"LTIDeepLinkingRequest",

"https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings": {

"accept_types": ["link", "file", "html", "ltiLink", "image"],

"accept_media_types": "image/*,text/html",

"accept_presentation_document_targets": ["iframe", "window", "embed"],

"accept_multiple": true,

"auto_create": true,

"title": "This is the default title",

"text": "This is the default text",

"data": "Some random opaque data that MUST be sent back"

}

Deep Linking, not just deep links...

Deep Linking, not just deep links...

"https://purl.imsglobal.org/spec/lti/claim/message_type": "LTIDeepLinkingResponse",

"https://purl.imsglobal.org/spec/lti-dl/claim/data": "Some random opaque data that MUST be sent back",

"https://purl.imsglobal.org/spec/lti-dl/claim/content_items": [{

"type": "ltiLink",

"title": "A title",

"text": "This is a link to an activity that will be graded",

"url": "https://lti.example.com/launchMe",

"lineItem": {

"scoreMaximum": 87,

"resourceId": "xyzpdq1234",

"tag": "originality"

},

"custom": {

"quiz_id": "az-123"

},

"submission": {

"endDateTime": "2018-03-06T20:05:02Z"

},

"window": {"targetName": "examplePublisherContent"},

"iframe": {"height": 890}

},

Declarative creation of line item (gradebook column)

Signed JWT with item selection (can be empty items)

Use tool’s jwks to validate payload

Use data to avoid Cross Site forgery attack

Assignment and

Grades

Services

​

​

​

AGS allows a sandboxed columns management

Tool

Cyl Quiz

10 points

Cyl Quiz

15 points

add

edit

delete

get and get all mines

AGS allows columns without links

(however it is usually preferred to create lineitems during the link import in Deep Linking)

decoupled

​

​

​

​

AGS allows to post and get scores

Tool

Cyl Quiz

10 points

post score

get current scores (results)

8.8 Good job!

! needs grading

AGS endpoints are in each LTI launch

{

"https://purl.imsglobal.org/spec/lti-ags/claim/endpoint": {

"scope": [

"https://purl.imsglobal.org/spec/lti-ags/scope/lineitem",

"https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly",

"https://purl.imsglobal.org/spec/lti-ags/scope/score"

],

"lineitems": "https://www.myuniv.edu/2344/lineitems/",

"lineitem": "https://www.myuniv.edu/2344/lineitems/1234/lineitem"

}

}

Names and

Roles

Service

​

​

​

NRS means discover users before they launch

Tool

GET read-only

GET what changed

NRS endpoint is in each LTI launch

“https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice”: {

"context_memberships_url": "https://www.myuniv.example.com/2344/memberships"

}

Beyond lti advantage

​

​

​

​

submission review launch

dynamic registration

course groups

​

​

….

extensions can then become required

and included in the next bundle

​

​

​

​

LTI Advantage 202?

LTI™ 1.3 Advantage resources

https://www.imsglobal.org/activity/learning-tools-interoperability

Resources collection: https://github.com/1EdTech/ltibootcamp

Node LTI Test Tool from Blackboard: https://github.com/blackboard/BBDN-LTI-Tool-Provider-Node

Youtube serie on LTI Advantage: https://www.youtube.com/playlist?list=PLb5mG7w3UZkPKHODmz5YCkIqnWQEsjMkd

​

​