A Ruby library to help implement IMS LTI tool consumers and providers
Pull request Compare This branch is 99 commits behind instructure:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This ruby library is to help create Tool Providers and Tool Consumers for the IMS LTI standard.


This is packaged as the ims-lti rubygem, so you can just add the dependency to your Gemfile or install the gem on your system:

gem install ims-lti

To require the library in your project:

require 'ims/lti'

To validate the OAuth signatures you need to require the appropriate request proxy for your application. For example:

# For a Sinatra or a Rails 3 app:
require 'oauth/request_proxy/rack_request'

# For a Rails 2.3 app:
require 'oauth/request_proxy/action_controller_request'

For further information see the oauth-ruby project.


This readme won't cover the LTI standard, just how to use the library. It will be very helpful to read the LTI documentation

In LTI there are Tool Providers (TP) and Tool Consumers (TC), this library is useful for implementing both. Here is an overview of the communication process: LTI 1.1 Introduction

This library doesn't help you manage the consumer keys and secrets. The POST headers/parameters will contain the oauth_consumer_key and your app can use that to look up the appropriate oauth_consumer_secret.

Your app will also need to manage the OAuth nonce to make sure the same nonce isn't used twice with the same timestamp. Read the LTI documentation on OAuth.

Tool Provider

As a TP your app will receive a POST request with a bunch of LTI launch data and it will be signed with OAuth using a key/secret that both the TP and TC share. This is covered in the LTI security model

Here is an example of a simple TP Sinatra app using this gem: LTI Tool Provider

Once you find the oauth_consumer_secret based on the oauth_consumer_key in the request, you can initialize a ToolProvider object with them and the post parameters:

# Initialize TP object with OAuth creds and post parameters
provider = IMS::LTI::ToolProvider.new(consumer_key, consumer_secret, params)

# Verify OAuth signature by passing the request object
if provider.valid_request?(request)
  # success
  # handle invalid OAuth

Once your TP object is initialized and verified you can load your tool. All of the launch data is available in the TP object along with some convenience methods like provider.username which will try to find the name from the 3 potential name launch data attributes.

Returning Results of a Quiz/Assignment

If your TP provides some kind of assessment service you can write grades back to the TC. This is documented in the LTI docs here.

You can check whether the TC is expecting a grade write-back:

if provider.outcome_service?
  # ready for grade write-back
  # normal tool launch without grade write-back

To write the grade back to the TC your tool will do a POST directly back to the URL the TC passed in the launch data. You can use the TP object to do that for you:

# post the score to the TC, score should be a float >= 0.0 and <= 1.0
# this returns an OutcomeResponse object
response = provider.post_replace_result!(score)
if response.success?
  # grade write worked
elsif response.processing?
elsif response.unsupported?
  # failed

You can see the error code documentation here.

Tool Consumer

As a Tool Consumer your app will POST an OAuth-signed launch requests to TPs with the necessary LTI launch data. This is covered in the LTI security model

Here is an example of a simple TC Sinatra app using this gem: LTI Tool Consumer