ims-lti
ims-lti copied to clipboard
omsmith
A node.js library implementing the IMS LTI tool providers' standards
The `build_signature` function is using raw request headers obtained from Node HTTP to get the host. Direct interaction with the raq request object is not recommended by hapijs and headers...
Spec 3.6.1: http://www.imsglobal.org/specs/lticiv1p0/specification specifies that a ContentItemUpdateRequest message is very similar to the ContentItemSelectionRequest message, but allows: - resource_link_id - resource_link_title - resource_link_description
The only [delta between the latest release and master](https://github.com/omsmith/ims-lti/compare/a00afa5736b5e7fe4d2dfc8a844ccd8f49c9248c...master) is the correct validation of a `ContentItemSelectionRequest` message. Any chance of a point release please to bring this functionality into play?
The [oauth1 specs](https://oauth.net/core/1.0a/#anchor15) state that the consumer secret and token need to be parameter encoded before passing them to hmac-sha1 for signing: > [...] the key is the concatenated values...
Hey @omsmith! :wave: Thanks for putting together an awesome project! :bow: It looks like things have been a bit quiet around here for a while now. Would having additional maintainer(s)...
AFAIK, `ims-lti` relies on `req` values being `x-forwarded-*` aware; with `express` it involves setting 'trust proxy' to a truthy value. It works for https proxy but it won't affect the...
Hi It is not clear from the documentation how to specify ext_content value. I want to return an iframe in response to an LTI request but not sure how to...
## Code ```javascript const lti = require('ims-lti') const outcome = new lti.OutcomeService({ consumer_key: 'key', consumer_secret: 'secret', // Note: localhost:3000 is a server that simply responseds with a status 200, empty...
Adds `trustProxy` option to HMAC_SHA1 and Provider constructor. It overloads the Provider constructor with the third argument being either a nonceStore or an options object (for a nonceStore, a signer...
I haven't check yet https://www.npmjs.com/package/@dinoboff/ims-lti but it seem thats the ideal way to go. Another alternative, very naive is to check in any case whether the 'x-forwarded-proto' headers is set...
