-
-
Save matthanger/1171921 to your computer and use it in GitHub Desktop.
| <?php | |
| # ------------------------------ | |
| # START CONFIGURATION SECTION | |
| # | |
| $launch_url = "https://lti.tools/test/tp.php"; | |
| $key = "12345"; | |
| $secret = "secret"; | |
| $launch_data = array( | |
| "user_id" => "292832126", | |
| "roles" => "Instructor", | |
| "resource_link_id" => "120988f929-274612", | |
| "resource_link_title" => "Weekly Blog", | |
| "resource_link_description" => "A weekly blog.", | |
| "lis_person_name_full" => "Jane Q. Public", | |
| "lis_person_name_family" => "Public", | |
| "lis_person_name_given" => "Given", | |
| "lis_person_contact_email_primary" => "user@school.edu", | |
| "lis_person_sourcedid" => "school.edu:user", | |
| "context_id" => "456434513", | |
| "context_title" => "Design of Personal Environments", | |
| "context_label" => "SI182", | |
| "tool_consumer_instance_guid" => "lmsng.school.edu", | |
| "tool_consumer_instance_description" => "University of School (LMSng)" | |
| ); | |
| # | |
| # END OF CONFIGURATION SECTION | |
| # ------------------------------ | |
| $now = new DateTime(); | |
| $launch_data["lti_version"] = "LTI-1p0"; | |
| $launch_data["lti_message_type"] = "basic-lti-launch-request"; | |
| # Basic LTI uses OAuth to sign requests | |
| # OAuth Core 1.0 spec: http://oauth.net/core/1.0/ | |
| $launch_data["oauth_callback"] = "about:blank"; | |
| $launch_data["oauth_consumer_key"] = $key; | |
| $launch_data["oauth_version"] = "1.0"; | |
| $launch_data["oauth_nonce"] = uniqid('', true); | |
| $launch_data["oauth_timestamp"] = $now->getTimestamp(); | |
| $launch_data["oauth_signature_method"] = "HMAC-SHA1"; | |
| # In OAuth, request parameters must be sorted by name | |
| $launch_data_keys = array_keys($launch_data); | |
| sort($launch_data_keys); | |
| $launch_params = array(); | |
| foreach ($launch_data_keys as $key) { | |
| array_push($launch_params, $key . "=" . rawurlencode($launch_data[$key])); | |
| } | |
| $base_string = "POST&" . urlencode($launch_url) . "&" . rawurlencode(implode("&", $launch_params)); | |
| $secret = urlencode($secret) . "&"; | |
| $signature = base64_encode(hash_hmac("sha1", $base_string, $secret, true)); | |
| ?> | |
| <html> | |
| <head></head> | |
| <!-- <body onload="document.ltiLaunchForm.submit();"> --> | |
| <body> | |
| <form id="ltiLaunchForm" name="ltiLaunchForm" method="POST" action="<?php printf($launch_url); ?>"> | |
| <?php foreach ($launch_data as $k => $v ) { ?> | |
| <input type="hidden" name="<?php echo $k ?>" value="<?php echo $v ?>"> | |
| <?php } ?> | |
| <input type="hidden" name="oauth_signature" value="<?php echo $signature ?>"> | |
| <button type="submit">Launch</button> | |
| </form> | |
| <body> | |
| </html> |
Hi, why do you double-encode the launch params on line 53 and line 56?
Hi, I tried to implement this Script but I only get an error by Moodle (this is used as LTI Provider): Invalid signature ours= Gi32FwbHmUJVnMuP/QR3isXRMWA= yours=9nAEE7fPnF/9T657HiRis6PmVqU=
What can I do?
I have exactly the same problem as @rschrenk.
I got a signature mismatch aswell. I found the reason for it:
From https://www.imsglobal.org/specs/ltiv1p0/implementation-guide#toc-21:
Notice that all of the POST values, including the submit button, are included in the base string (i.e., the string signed by OAuth).
Just add "submit" => "Launch" to the end of $launch_data.
How can I get info from the LTI provider?
Hi all, this gist is pretty old at this point. You may want to look elsewhere, or at the LTI Implementation Guide: http://www.imsglobal.org/specs/ltiv1p1/implementation-guide
Here are other resources that might be useful:
I got a signature mismatch aswell. I found the reason for it:
From https://www.imsglobal.org/specs/ltiv1p0/implementation-guide#toc-21:
Notice that all of the POST values, including the submit button, are included in the base string (i.e., the string signed by OAuth).
Just add
"submit" => "Launch"to the end of$launch_data.
this doesn't seems to resolve the issue, can some one tell me the fix please, am looking for a LTI consumer only
@matthanger pls review this
I was able to fix the issue, the issue I see is invalid signature, because I have added param in lunch url
@yousufttp can you please let me know how you fixed the issue .
Thank you very much, it is working
How can I get a response from the LTI provider?
if you're getting LTI request from different source make sure to unset param
unset($launch_data['oauth_signature'])
More developer support for IMS Basic LTI: http://www.imsglobal.org/developers/BLTI/