Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Sample code for Basic LTI Consumer in PHP
<?php
# ------------------------------
# START CONFIGURATION SECTION
#
$launch_url = "https://lti.tools/test/tp.php";
$key = "12345";
$secret = "secret";
$launch_data = array(
"user_id" => "292832126",
"roles" => "Instructor",
"resource_link_id" => "120988f929-274612",
"resource_link_title" => "Weekly Blog",
"resource_link_description" => "A weekly blog.",
"lis_person_name_full" => "Jane Q. Public",
"lis_person_name_family" => "Public",
"lis_person_name_given" => "Given",
"lis_person_contact_email_primary" => "user@school.edu",
"lis_person_sourcedid" => "school.edu:user",
"context_id" => "456434513",
"context_title" => "Design of Personal Environments",
"context_label" => "SI182",
"tool_consumer_instance_guid" => "lmsng.school.edu",
"tool_consumer_instance_description" => "University of School (LMSng)"
);
#
# END OF CONFIGURATION SECTION
# ------------------------------
$now = new DateTime();
$launch_data["lti_version"] = "LTI-1p0";
$launch_data["lti_message_type"] = "basic-lti-launch-request";
# Basic LTI uses OAuth to sign requests
# OAuth Core 1.0 spec: http://oauth.net/core/1.0/
$launch_data["oauth_callback"] = "about:blank";
$launch_data["oauth_consumer_key"] = $key;
$launch_data["oauth_version"] = "1.0";
$launch_data["oauth_nonce"] = uniqid('', true);
$launch_data["oauth_timestamp"] = $now->getTimestamp();
$launch_data["oauth_signature_method"] = "HMAC-SHA1";
# In OAuth, request parameters must be sorted by name
$launch_data_keys = array_keys($launch_data);
sort($launch_data_keys);
$launch_params = array();
foreach ($launch_data_keys as $key) {
array_push($launch_params, $key . "=" . rawurlencode($launch_data[$key]));
}
$base_string = "POST&" . urlencode($launch_url) . "&" . rawurlencode(implode("&", $launch_params));
$secret = urlencode($secret) . "&";
$signature = base64_encode(hash_hmac("sha1", $base_string, $secret, true));
?>
<html>
<head></head>
<!-- <body onload="document.ltiLaunchForm.submit();"> -->
<body>
<form id="ltiLaunchForm" name="ltiLaunchForm" method="POST" action="<?php printf($launch_url); ?>">
<?php foreach ($launch_data as $k => $v ) { ?>
<input type="hidden" name="<?php echo $k ?>" value="<?php echo $v ?>">
<?php } ?>
<input type="hidden" name="oauth_signature" value="<?php echo $signature ?>">
<button type="submit">Launch</button>
</form>
<body>
</html>
@matthanger

This comment has been minimized.

Copy link
Owner Author

@matthanger matthanger commented Aug 25, 2011

More developer support for IMS Basic LTI: http://www.imsglobal.org/developers/BLTI/

@jankapunkt

This comment has been minimized.

Copy link

@jankapunkt jankapunkt commented Nov 5, 2016

Hi, why do you double-encode the launch params on line 53 and line 56?

@rschrenk

This comment has been minimized.

Copy link

@rschrenk rschrenk commented Feb 16, 2017

Hi, I tried to implement this Script but I only get an error by Moodle (this is used as LTI Provider): Invalid signature ours= Gi32FwbHmUJVnMuP/QR3isXRMWA= yours=9nAEE7fPnF/9T657HiRis6PmVqU=

What can I do?

@dennie170

This comment has been minimized.

Copy link

@dennie170 dennie170 commented Jun 15, 2017

I have exactly the same problem as @rschrenk.

@t-schroeder

This comment has been minimized.

Copy link

@t-schroeder t-schroeder commented Jul 3, 2017

I got a signature mismatch aswell. I found the reason for it:

From https://www.imsglobal.org/specs/ltiv1p0/implementation-guide#toc-21:

Notice that all of the POST values, including the submit button, are included in the base string (i.e., the string signed by OAuth).

Just add "submit" => "Launch" to the end of $launch_data.

@jobercavalcante

This comment has been minimized.

Copy link

@jobercavalcante jobercavalcante commented Jul 22, 2020

How can I get info from the LTI provider?

@matthanger

This comment has been minimized.

Copy link
Owner Author

@matthanger matthanger commented Jul 23, 2020

Hi all, this gist is pretty old at this point. You may want to look elsewhere, or at the LTI Implementation Guide: http://www.imsglobal.org/specs/ltiv1p1/implementation-guide

Here are other resources that might be useful:

@yousufttp

This comment has been minimized.

Copy link

@yousufttp yousufttp commented Aug 16, 2020

I got a signature mismatch aswell. I found the reason for it:

From https://www.imsglobal.org/specs/ltiv1p0/implementation-guide#toc-21:

Notice that all of the POST values, including the submit button, are included in the base string (i.e., the string signed by OAuth).

Just add "submit" => "Launch" to the end of $launch_data.

this doesn't seems to resolve the issue, can some one tell me the fix please, am looking for a LTI consumer only

@yousufttp

This comment has been minimized.

Copy link

@yousufttp yousufttp commented Aug 16, 2020

@matthanger pls review this

@yousufttp

This comment has been minimized.

Copy link

@yousufttp yousufttp commented Aug 18, 2020

I was able to fix the issue, the issue I see is invalid signature, because I have added param in lunch url

@praveenshu

This comment has been minimized.

Copy link

@praveenshu praveenshu commented Jan 13, 2021

@yousufttp can you please let me know how you fixed the issue .

@khalilalquraan

This comment has been minimized.

Copy link

@khalilalquraan khalilalquraan commented Mar 20, 2021

Thank you very much, it is working

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment