<img src="assets/bootcamp.png">

# **LTI&trade; Advantage** bootcamp notebook for Tool

claude.vervoort@gmail.com

## Introduction

The notebook shows how to interact with the LTI Advantage ecosystem from a tool implementer viewpoint. It interacts with an actual test server which has been built as a platform simulator to support this notebook. 

<img src="assets/ltibootcamp_arch.png" width="60%">

## Limitation

The test tool platform cannot launch into the bootcamp. As a workaround, the test tool has APIs to get the launch data that would have been included in an actual launch.


In [1]:
# This notebook queries an actual tool platform test server. It needs its location:
platform_url='http://localhost:5000'

## Setup

### Import the python libraries needed by the tool

Here we just import the libraries that will be needed in this notebook, define some utility functions and constants.

In [2]:
import requests
import json
import jwt
import base64
import re
from time import time
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
from IPython.display import display, Markdown, HTML, Javascript

def decode_int(b64value):
    return int.from_bytes(base64.urlsafe_b64decode(b64value), byteorder='big')

# for concise code, return full claim prefixed by ims
def fc(claim):
    return "http://imsglobal.org/lti/{0}".format(claim)

def md(mdt):
    display(Markdown(mdt))
    
md_buffer = ''

def mdb(mdt=None):
    global md_buffer
    if mdt:
        md_buffer = md_buffer + '\n' + mdt
    else:
        md(md_buffer)
        md_buffer = ''


### get the tool deployment info to use in this notebook

First we need to get a new tool deployment from the server for this notebook instance to use.
Each tool must have a `client_id` and a private key that will be used to interact with the platform services and send messages back to the platform. The `client_id` is used to for security purposes. A trust may be shared across multiple deployments of the same tool in a platform, so a `deployment_id` is also communicated to identify the actual deployment of that tool.

It also needs the keyset URL that exposes the platform public keys needed to validate the incoming messages.

While this information is required for each tool, how it is obtained by the tool is NOT currently part of the LTI specifications.

In [3]:
r = requests.get(platform_url + '/newtool')
tool_info = json.loads(r.text)

md('### Tool information')
md('Here is the tool information generated for this notebook. It is stored in ```tool_info``` variable.')
md('```json\n'+ json.dumps(tool_info, indent=4)+'```')

### Tool information

Here is the tool information generated for this notebook. It is stored in ```tool_info``` variable.

```json
{
    "deployment_id": "deployment_0",
    "webkeyPem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA3oNl7LZc1S9CRnIUG/Y5hmaPWJHo7LkZluCqF1BQl4HdTikZ\nLkIga9hN7tgBi6CUrFivG3qNHDTwz/MYQy6t3Ven2JIgnz0uXoUiHHwCluVVCwYL\nxA+Lom81iZwd1iSJdBSoVdGOwoqIKGrN8HvRBd9bHa+1pObqCrdjJ3WdIQjsciys\ngK8XHjG0CJ0kGsFIyOlUWkHF37vBN91hE8tYymsI/Ijrmmuc40QGJQsPCHG6P+j0\n/axZY6U5UQTMN3qHy2BzgGL4AX7OYBr7vS0qBVv1R5J2KgCYLFoSbvvGq6uA2Wh0\nb+wNglkc1GZlDIBo1wRt+WZBtlutdpxTSTsmmQIDAQABAoIBABCC5BU6sAH4Ed0r\n2b78babXOpj/f278yj+7opYnH8p/o2DJecSeDrf/SEMqVK0G01lu8ul2qydrbJjQ\nXghy24nH7Md238RT3s+6kH4tcTy/aOjalT9tHuGvX7k7HtdVL+eaS9EjGHU/oIcN\nQS8F5QwK7QDeLmaoOuLk2k74h4Ub9/yE0PSaD/t1xgiotGCaFFeuL/Gq82hiFU32\n1qtaaxzyYBYF5r7QySrtHxxUn2hyB8UosULWFt4lFU0aWxvuAiSkr2J4kZloTEEU\ni2EYnTbUP0SN6XcudzRrTB6SXFrmRkoDPT9evK9dcr4Y+fTrGKM5wQTcj8sKdsgZ\nBt5T7V0CgYEA3tTLFNsfIv1/w7o32RlJ0S/kn3HcpPUhcpqL8pIxylWDYTLj3igz\nv5WJPoAlMhkffe5TZpMgGwrm15cntsQ6HKetaJWHysRWwqNra0VHGEhfp7VCr+O1\nijTNm8F/uGMyE0fRxOecMyx1MbiVS2b3lJM8+Ic4DoyxIj7/ZrVfRXUCgYEA/6J9\nMyZPL97IgTJdXBkb/ymH6LgTX1KobnOMXZXHYfbSAl8ad+pTsfWxg1TGJsmLoTxS\nygbciZOalX93lq3HRf9NbO+6Wv1wdpjRG51HZnacPGc+7H3lHsrBSqwAvheOBdhv\nDgtmGqq0z86nnsYTyn74sAjIltfCkQNpVlVOJBUCgYEAneLg0jJAaaZ8tM5pa+ZD\nK3ln4KHo2OjnfjCLIKD9roPQxzorwulxYTovOJ3LvSeX7L7FUVTF1uNulSuA9Dst\ngcg9UnFA+icL4nWwUx2PNmFxhX8ldUM/CmJHnSkJujhu7sJgm8gQISJLF6PWBMs8\neYWqGd6VlZmSmNVSWhABJVECgYAxxJmpVqD+CdpxRLPmVUEdGSHLjeK/oSEHd9lw\n8tMBYIMcURWfGPC4acPodJ2rOXvEpTDdAh73bdQfnNRUcnqkRwL03WsjgcneXPwA\n60rWSOs720Hl2tC7gO/GsNvoJj/RJYThcBitwmQ3PN1nTNrXhoa2Bs++hjzr7IUa\neLsgzQKBgEY/oJC8J3+FltHB3PzI2UcZ62FGer42No6yAzgJrPhDXNSWCN3lmWMX\nIGLKeFc8EGfAwUP0tgtNg4NfPmvqnqdLc8zaIeaqgwMmsDFW/nTkhm7TXeFef1D+\n1BOd7jDvf0naQX+kRMoy7r5zl9NpFM7KxQq2TaMOBw/PiuBHIvS4\n-----END RSA PRIVATE KEY-----",
    "webkey": {
        "d": "EILkFTqwAfgR3SvZvvxtptc6mP9_bvzKP7uilicfyn-jYMl5xJ4Ot_9IQypUrQbTWW7y6XarJ2tsmNBeCHLbicfsx3bfxFPez7qQfi1xPL9o6NqVP20e4a9fuTse11Uv55pL0SMYdT-ghw1BLwXlDArtAN4uZqg64uTaTviHhRv3_ITQ9JoP-3XGCKi0YJoUV64v8arzaGIVTfbWq1prHPJgFgXmvtDJKu0fHFSfaHIHxSixQtYW3iUVTRpbG-4CJKSvYniRmWhMQRSLYRidNtQ_RI3pdy53NGtMHpJcWuZGSgM9P168r11yvhj59OsYoznBBNyPywp2yBkG3lPtXQ==",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "kty": "RSA",
        "n": "3oNl7LZc1S9CRnIUG_Y5hmaPWJHo7LkZluCqF1BQl4HdTikZLkIga9hN7tgBi6CUrFivG3qNHDTwz_MYQy6t3Ven2JIgnz0uXoUiHHwCluVVCwYLxA-Lom81iZwd1iSJdBSoVdGOwoqIKGrN8HvRBd9bHa-1pObqCrdjJ3WdIQjsciysgK8XHjG0CJ0kGsFIyOlUWkHF37vBN91hE8tYymsI_Ijrmmuc40QGJQsPCHG6P-j0_axZY6U5UQTMN3qHy2BzgGL4AX7OYBr7vS0qBVv1R5J2KgCYLFoSbvvGq6uA2Wh0b-wNglkc1GZlDIBo1wRt-WZBtlutdpxTSTsmmQ=="
    },
    "client_id": "0"
}```

### Getting the public keys from the platform

In order to validate the various messages we will receive from the platform, we need to get the key sets. We'll also transform the keys to the `PEM` format that is used by the `jwt` module to decode the messages.

The test platform exposes its keys in a keyset format at a well-know location (.well-known/jwks.json). Other platform might just communicate the keyset url as part of the tool deployment information.

In [4]:
keyset = json.loads(requests.get(platform_url + '/.well-known/jwks.json').text)

md('#### Platform keyset')
md('```json\n'+ json.dumps(keyset, indent=4)+'```')

platform_keys = {}

# let's transform as a map for ease of use, and just the PEM because this is what is used by JWT lib
for key in keyset['keys']:
    public_key = RSAPublicNumbers(decode_int(key['e']), decode_int(key['n'])).public_key(default_backend())
    pem = public_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
    platform_keys[key['kid']] = pem
    


#### Platform keyset

```json
{
    "keys": [
        {
            "e": "AQAB",
            "alg": "HS256",
            "kid": "1519349479_0",
            "kty": "rsa",
            "n": "ogDoRTrZNdQAHQQhoQcoqYfC1mZqbac-ksNoHMu81AnU6YPfp24inMCrUjxh_KEgJ383FGqnP4z6ZdGTWpbWcaW1TZb1JkuYQv5cfBWTdy23kiWH1rEldHh6znlRc5-S5fXS3QX-duI8dpKby5_2l5OoXNmQg10j8ADISkhADosU9o23_aQBT5rDij0Nsvt-o6znnnSRAorkRpfITOyj6dw_MSS2MkhM2cADSegFWjiyV_kkufaaFhf3JyDx0vPKNcNXAJ1MmIs2UZB0t3JOkXT5isKXGzNg0-F2Kv0mBkNUSJBmUq0RA_pPdiRlwR9xvjIsRGg0gk9771L2giljzQ==",
            "use": "sig"
        },
        {
            "e": "AQAB",
            "alg": "HS256",
            "kid": "1519349479_1",
            "kty": "rsa",
            "n": "2OsjZe4DFgtAMoTK_QGoU5GuUOzMoxZs8HeyulYIHdDhpz8vyn2wl9l17Fwdp0AMWL1EbeTgDl-ibTBGSps95xQsg_CWAYc5RUpF7VKueuQ5cLYfF_eE8hCtK4vQsEP1fT6OdWRbLqizYVr4wzBHauH8ozTyUSFggCoHYEVm4AjPmZcBo4XpFZ4LBoqnuU6YxUD-LyqvVpl89bd6DGhVKlXofZlzP3Bo1_4cAaNqDp_AKRy--n1XyMltxD3O1BjKA7-6xFd8hAOQeauyf50a3WIoCoOw3QwrPz4OQPhg9QQQkaMhCCJgwd1g4No-vimSjGKaL3lGkie2QvUvbfVsKQ==",
            "use": "sig"
        },
        {
            "e": "AQAB",
            "alg": "HS256",
            "kid": "1519349479_2",
            "kty": "rsa",
            "n": "nRYGJmkRCBgmS_FpuX8q9UTh7EyXrMrqbepu4FEY4xdRakMstIoeBru-qshIyFrY1dmC2LVFPfbelL94204PBuPGPeX8EPJDjzMtz-t6Ktglt7okAcMAbzCxsfrNbdBO8WvN_L8vrg7iXsodJmSsv-QdQxSZptjywSX5MoE8eawBQ6vC5RLeP4UG65UzuYRhUn6YkvZIZuXdqV_9QRnwT7tGPu11PAb6Vr17m2WICz2tkAKKcJC6272Qik4vRrb9y-G5EFEFD8eUl8JJV8tG9Mbf96PocPltuqxMhoV442ducLyaic3YnogMV44G6UllzM-j8t-VelB5e6Kk3m7xJQ==",
            "use": "sig"
        },
        {
            "e": "AQAB",
            "alg": "HS256",
            "kid": "1519349479_3",
            "kty": "rsa",
            "n": "qUfkO5rb9meAZOi66girNhBbeo3DBp209Ur5ukHg-5bznELShU9ct_6YQ5IHfcRWEICjNH_Jwv79MiSfhxHlfqpqfXrCG_cDc4upSXxINj5LZtPELQ8FI5WdLfsazQfsD_6Ka9S_N45yyGANZX3bSOGABgzxNY57_D61lXkmck8Lhq3Mb7X1BohOo9gBfQnwwyrGRohfl4o72w-7sRMEHphLz_5TMp2a1dZQNL9xx072jn8QeacxUlKYY8s8hqAi7RKpgHlySPjBIxPkDhmBcpW72QiOq1evznV5iOJdK3FsryikNGAR_ZvIojvIf4n4PW_Ds3_KX_ecopM0hM5luw==",
            "use": "sig"
        }
    ]
}```

## Deep Linking - Creating a Link
This section will use the deep linking specification to create a Resource Link to the platform. That resource link will be gradable and used in the following sections of that notebook.

[Deep Linking](https://www.imsglobal.org/specs/lticiv1p0) is a **UI flow**, it is an important piece that is sometimes missed on 1st reading. The user is redirected from the platform to the tool to pick or create one or multiple piece of content (often, LTI links), and the the tool redirects the UI back to the tool with the actual selection (or an empty payload if nothing was picked or created).

So there are 2 messages:

1. `LtiDeepLinkingRequest` from the platform to the tool to start the picking/create session. This is a typical platform launch that contains the context and the user information, and what kind of content items may be created in this flow (for example, this flow might indicate it only wants LTI links).
1. `LtiDeepLinkingResponse` from the tool back to the plaform using the `content_item_return_url` provided in the request.

Once a tool is added to a course, usually the first launch from the platform will be a Deep Linking request.

<img src="assets/lti_advantage_deeplinking.png" width="60%">

### Setup: Getting a Deep Linking Request

This notebook is not a tool actually launched by the platform, so the test platform as way to give us the token that it would include in an actual HTTP POST request, so we can build a mock POST request including the parameter `post_data`.

In [5]:
r = requests.get("{}/tool/{}/cisr".format(platform_url, tool_info['client_id']))

post_data = {
    'id_token':r.text
}

md('`id_token='+ r.text+'`')

`id_token=eyJraWQiOiIxNTE5MzQ5NDc5XzIiLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvdmVyc2lvbiI6IjEuMy4wIiwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL2RlcGxveW1lbnRfaWQiOiJkZXBsb3ltZW50XzAiLCJub25jZSI6IjQ0MDg4Nzk3LTE4MzktMTFlOC05YjQyLWM0OGU4ZmZiNzg1NyIsImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS9tZXNzYWdlX3R5cGUiOiJMVElEZWVwTGlua2luZ1JlcXVlc3QiLCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvYWdzIjp7ImxpbmVpdGVtcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC80NDA4ODc5Ni0xODM5LTExZTgtOWI0Mi1jNDhlOGZmYjc4NTcvbGluZWl0ZW1zIiwic2NvcGUiOlsiaHR0cDovL2ltc2dsb2JhbC5vcmcvYWdzL2xpbmVpdGVtIiwiaHR0cDovL2ltc2dsb2JhbC5vcmcvYWdzL3Jlc3VsdC9yZWFkIiwiaHR0cDovL2ltc2dsb2JhbC5vcmcvYWdzL3Njb3JlL3B1Ymxpc2giXX0sInN1YiI6IkxUSUJDVV83IiwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL2RlZXBfbGlua2luZ19yZXF1ZXN0Ijp7ImFjY2VwdF9wcmVzZW50YXRpb25fZG9jdW1lbnRfdGFyZ2V0cyI6WyJpZnJhbWUiLCJ3aW5kb3ciXSwiZGF0YSI6Im9wPTMyMSZ2PTQ0IiwiYWNjZXB0X211bHRpcGxlIjp0cnVlLCJhY2NlcHRfbWVkaWFfdHlwZXMiOlsiYXBwbGljYXRpb24vdm5kLmltcy5sdGkudjEubHRpbGluayJdLCJhdXRvX2NyZWF0ZSI6dHJ1ZX0sImV4cCI6MTUxOTM0OTU0NiwibmFtZSI6IlRlcmVsbCBTdXoiLCJlbWFpbCI6IlRlcmVsbC5TdXpAZXhhbXBsZS5jb20iLCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvY29udGV4dCI6eyJ0eXBlIjpbIkNvdXJzZVNlY3Rpb24iXSwibGFiZWwiOiJMVEkgQm9vdGNhbXAgQ291cnNlIiwiaWQiOiI0NDA4ODc5Ni0xODM5LTExZTgtOWI0Mi1jNDhlOGZmYjc4NTciLCJ0aXRsZSI6IkxUSSBCb290Y2FtcCBDb3Vyc2UifSwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL3Rvb2xfcGxhdGZvcm0iOnsiZ3VpZCI6Imx0aWJjX2F0XzE1MTkzNDk0ODAiLCJuYW1lIjoiTFRJIEJvb3RjYW1wIFBsYXRmb3JtIn0sImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS9yb2xlcyI6WyJodHRwOi8vcHVybC5pbXNnbG9iYWwub3JnL3ZvY2FiL2xpcy92Mi9tZW1iZXJzaGlwI0luc3RydWN0b3IiXSwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL2xhdW5jaF9wcmVzZW50YXRpb24iOnsiZG9jdW1lbnRfdGFyZ2V0IjoiaWZyYW1lIiwicmV0dXJuX3VybCI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC90b29sLzQ0MDg4Nzk2LTE4MzktMTFlOC05YjQyLWM0OGU4ZmZiNzg1Ny9jaXIifSwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL3Rva2VuZW5kcG9pbnQiOiJodHRwOi8vbG9jYWxob3N0OjUwMDAvYXV0aC90b2tlbiIsImF1ZCI6IjAiLCJmYW1pbHlfbmFtZSI6IlN1eiIsImdpdmVuX25hbWUiOiJUZXJlbGwiLCJpYXQiOjE1MTkzNDk0ODYsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMCJ9.SID0lst2ITdrckDVHcUQbKk7ir9QfZtOYCSULF18PLknR9b39xnqSXY7W0I117s-KnY7rD1pvel1qo7YykzQ1r5i5mNnlVnZidz-Ik2yYzpgGxnzTwI5L5XNhfC-oY0vEF8N3YEoiaJacL11sfiMcxGxoWFWhLyUDGKsa0FF1DvAPH7nCIwe8eIXsWNGouSDx7W-eCXC1sQp194_YAlOT7VfZoNib0br1eyETuQGhlgR78hpTJS8bL9Ki8PEOkFZAOpzpU9RBkJMK7b2yy6sGkf_efaD7krcMnfvWP8RHU0jumZ0Xxmqm-KC0K7psiqts39WPq62oRoJ0Jv2Bcaqdw`

### Task 1: Verify the JWT is properly signed

The first thing before to display to the user the picker/authoring interface to create the link is to validate this request is properly signed. This is done by decoding the JWT using public key from the platform.


In [6]:
# Let's get the kid so we can get the proper public key

# should check ISS first to lookup keyset

encoded_jwt = post_data['id_token']
jwt_headers = jwt.get_unverified_header(encoded_jwt)

content_item_message = jwt.decode(encoded_jwt, 
                                  platform_keys[jwt_headers['kid']], 
                                  jwt_headers['alg'],
                                  audience = tool_info['client_id'])

md('#### Message properly signed! Decoded ContentItemSelectionRequest message:')
md('```json\n'+ json.dumps(content_item_message, indent=4)+'```')


#### Message properly signed! Decoded ContentItemSelectionRequest message:

```json
{
    "http://imsglobal.org/lti/tokenendpoint": "http://localhost:5000/auth/token",
    "http://imsglobal.org/lti/version": "1.3.0",
    "http://imsglobal.org/lti/deep_linking_request": {
        "accept_multiple": true,
        "accept_media_types": [
            "application/vnd.ims.lti.v1.ltilink"
        ],
        "accept_presentation_document_targets": [
            "iframe",
            "window"
        ],
        "auto_create": true,
        "data": "op=321&v=44"
    },
    "family_name": "Suz",
    "http://imsglobal.org/lti/roles": [
        "http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor"
    ],
    "http://imsglobal.org/lti/launch_presentation": {
        "return_url": "http://localhost:5000/tool/44088796-1839-11e8-9b42-c48e8ffb7857/cir",
        "document_target": "iframe"
    },
    "iat": 1519349486,
    "name": "Terell Suz",
    "http://imsglobal.org/lti/context": {
        "id": "44088796-1839-11e8-9b42-c48e8ffb7857",
        "type": [
            "CourseSection"
        ],
        "title": "LTI Bootcamp Course",
        "label": "LTI Bootcamp Course"
    },
    "iss": "http://localhost:5000",
    "given_name": "Terell",
    "email": "Terell.Suz@example.com",
    "nonce": "44088797-1839-11e8-9b42-c48e8ffb7857",
    "sub": "LTIBCU_7",
    "http://imsglobal.org/lti/message_type": "LTIDeepLinkingRequest",
    "http://imsglobal.org/lti/tool_platform": {
        "name": "LTI Bootcamp Platform",
        "guid": "ltibc_at_1519349480"
    },
    "http://imsglobal.org/lti/ags": {
        "scope": [
            "http://imsglobal.org/ags/lineitem",
            "http://imsglobal.org/ags/result/read",
            "http://imsglobal.org/ags/score/publish"
        ],
        "lineitems": "http://localhost:5000/44088796-1839-11e8-9b42-c48e8ffb7857/lineitems"
    },
    "http://imsglobal.org/lti/deployment_id": "deployment_0",
    "aud": "0",
    "exp": 1519349546
}```

### Task 2: extract the information needed to render the selector/authoring UI

If this is the first launch for the user or the course, as a tool you may prompt the user for setup information, including account linking or course setup. Ultimately the user will see the authoring or picking interface that will allow her to create or select the content items to be added to the course.

Some key attributes of the `ContentItemSelectionRequest` will drive the experience:

In [7]:
# fc(claim) prefix the claim with http://imsglobal.org/lti/
mdb('1. What is the current course id? {0}'.format(content_item_message[fc('context')]['id']))
mdb('1. What is the current user id? {0}'.format(content_item_message['sub']))
is_instructor = len(list(filter(lambda x: 'instructor' in x.lower(), content_item_message[fc('roles')])))>0
mdb('1. Is this user an instructor? {0}'.format(is_instructor))
deep_linking_claim = content_item_message[fc('deep_linking_request')]
mdb('1. What kind of content item can be created? {0}'.format(deep_linking_claim['accept_media_types']))
mdb('1. Can I return more than one items to be added? {0}'.format(deep_linking_claim['accept_multiple']))
mdb('1. Will the user be prompted before to actually save the items? {0}'.format(not deep_linking_claim['auto_create']))
deep_linking_return_url = content_item_message[fc('launch_presentation')]['return_url']
mdb('1. Where should I redirect the browser too when done? {0}'.format(deep_linking_return_url))
mdb('1. Is there any data I must pass back to platform when I return? {0}'.format('data' in deep_linking_claim))
mdb()


1. What is the current course id? 44088796-1839-11e8-9b42-c48e8ffb7857
1. What is the current user id? LTIBCU_7
1. Is this user an instructor? True
1. What kind of content item can be created? ['application/vnd.ims.lti.v1.ltilink']
1. Can I return more than one items to be added? True
1. Will the user be prompted before to actually save the items? False
1. Where should I redirect the browser too when done? http://localhost:5000/tool/44088796-1839-11e8-9b42-c48e8ffb7857/cir
1. Is there any data I must pass back to platform when I return? True

### Task 3: building the response token

After the end of the interaction, so user is sent back to the platform throught a browser redirection using an HTTP POST containing the JWT `ContentItemResponse` message. In this case, we will return 2 LTI links, one being graded (since the request supports multiple content items).

Here we're creating the actual response token.

In [8]:
## First let's create our 2 content items
## Note that the URLs are phony as for now there is now way to launch in the notebook anyway...
simple_link =  {
      "mediaType": "application/vnd.ims.lti.v1.ltilink",
      "url": "http://lti.bootcamp/item111",
      "presentationDocumentTarget": "iframe",
      "title": "A simple content item",
      "text": "Some long text",
      "icon": {
        "url": "http://lti.example.com/image.jpg",
        "width": 100,
        "height": 100
      },
      "custom": {
        "lab": "sim4e"
      }
}

assignment_link =  {
      "mediaType": "application/vnd.ims.lti.v1.ltilink",
      "url": "http://lti.bootcamp/item111",
      "presentationDocumentTarget": "iframe",
      "title": "An assignment",
      "text": "Chemical lab sim",
      "icon": {
        "url": "http://lti.example.com/image.jpg",
        "width": 100,
        "height": 100
      },
      "custom": {
        "lab": "sim3a",
        "level": "easy"
      },
      "lineItem": {
        "scoreMaximum": 34,
        "label": "Chemical lab sim",
        "resourceId": "sim3a",
        "tag": "final_grade"
      }
}

now = int(time())

deep_linking_response = {
    "iss": tool_info['client_id'],
    "aud": content_item_message['iss'],
    "exp": now + 60,
    "iat": now,
    "http://imsglobal.org/lti/message_type": "DeepLinkingResponse",
    "http://imsglobal.org/lti/version": "1.3.0",
    "http://imsglobal.org/lti/content_items": [
        simple_link, assignment_link
    ]
    
}

### Task 4: build the signed JWT

In [9]:
deep_linking_response_token = jwt.encode(deep_linking_response, tool_info['webkeyPem'], 'RS256').decode()

print(deep_linking_response_token)

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE1MTkzNDk0ODcsImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS92ZXJzaW9uIjoiMS4zLjAiLCJleHAiOjE1MTkzNDk1NDcsImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS9tZXNzYWdlX3R5cGUiOiJEZWVwTGlua2luZ1Jlc3BvbnNlIiwiaXNzIjoiMCIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMCIsImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS9jb250ZW50X2l0ZW1zIjpbeyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuaW1zLmx0aS52MS5sdGlsaW5rIiwidGV4dCI6IlNvbWUgbG9uZyB0ZXh0IiwicHJlc2VudGF0aW9uRG9jdW1lbnRUYXJnZXQiOiJpZnJhbWUiLCJjdXN0b20iOnsibGFiIjoic2ltNGUifSwidGl0bGUiOiJBIHNpbXBsZSBjb250ZW50IGl0ZW0iLCJ1cmwiOiJodHRwOi8vbHRpLmJvb3RjYW1wL2l0ZW0xMTEiLCJpY29uIjp7ImhlaWdodCI6MTAwLCJ3aWR0aCI6MTAwLCJ1cmwiOiJodHRwOi8vbHRpLmV4YW1wbGUuY29tL2ltYWdlLmpwZyJ9fSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5pbXMubHRpLnYxLmx0aWxpbmsiLCJ0ZXh0IjoiQ2hlbWljYWwgbGFiIHNpbSIsInByZXNlbnRhdGlvbkRvY3VtZW50VGFyZ2V0IjoiaWZyYW1lIiwibGluZUl0ZW0iOnsic2NvcmVNYXhpbXVtIjozNCwidGFnIjoiZmluYWxfZ3JhZGUiLCJsYWJlbCI6IkNoZW1pY2FsIGxhYiBzaW0iLCJyZXNvdXJjZUlkIjoic2ltM2EifSwiY3VzdG9

### Task 5: redirect the user back to the platform with the content item selection

Now that we the response token, let's do the actual HTML POST redirection to the platform. Note that because the platform supports `autocreate` there will be no prompt. The 2 items will be added directly to the course.


In [10]:
# Let's start by adding the JWS security claims
content_item_response = {
    'iss': tool_info['client_id'] ,
    'aud': content_item_message['iss']
}

autosubmit_js = """
                var ltiForm = $('<form>');                
                ltiForm.attr('action', '{url}');
                ltiForm.attr('method', 'POST');
                ltiForm.attr('target', 'deeplinking_frame');
                $('<input>').attr({{
                    type: 'hidden',
                    name: 'jws_token',
                    value: '{token}'
                }}).appendTo(ltiForm);
                $('#deeplinking_frame').before(ltiForm);
                ltiForm.submit();
                ltiForm.remove();
                """

autosubmit_js = autosubmit_js.format(url=deep_linking_return_url, token=deep_linking_response_token)

display(HTML('<iframe id="deeplinking_frame" name="deeplinking_frame" style="height: 300px; width:100%"></iframe>'))
display(Javascript(data=autosubmit_js, 
                   lib="https://code.jquery.com/jquery-3.3.1.min.js"))

<IPython.core.display.Javascript object>

## Student Resource Link launch

Now that we have created resource links, let's handle a student launch from one of them. We're going to use a resource link with a **coupled** line item, so that we can use it to send a score back to the platform.

### Setup

The first thing we need, as with deep linking, is to get from the test platform the launch token which an actual tool would get in an actual HTML Form Post.

In [13]:
# select an id from the ones displayed in the course platform in the IFrame above
# if not specified the platform will pick a resource to use

resource_link_id = ''
context_id = content_item_message['http://imsglobal.org/lti/context']['id']

r = requests.get("{}/tool/{}/context/{}/studentlaunch?rlid={}".format(platform_url, 
                                                           tool_info['client_id'], 
                                                           context_id, 
                                                           resource_link_id))

post_data = {
    'id_token':r.text
}

md('`id_token='+ r.text+'`')

`id_token=eyJraWQiOiIxNTE5MzQ5NDc5XzAiLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvdmVyc2lvbiI6IjEuMy4wIiwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL2RlcGxveW1lbnRfaWQiOiJkZXBsb3ltZW50XzAiLCJub25jZSI6IjQ3ZjM3ODAyLTE4MzktMTFlOC05YjQyLWM0OGU4ZmZiNzg1NyIsImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS9tZXNzYWdlX3R5cGUiOiJMVElSZXNvdXJjZUxpbmtMYXVuY2giLCJmYW1pbHlfbmFtZSI6IkVsaXNhIiwic3ViIjoiTFRJQkNVXzEwIiwiZXhwIjoxNTE5MzQ5NTUzLCJuYW1lIjoiRWJiYSBFbGlzYSIsImVtYWlsIjoiRWJiYS5FbGlzYUBleGFtcGxlLmNvbSIsImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS9jb250ZXh0Ijp7InR5cGUiOlsiQ291cnNlU2VjdGlvbiJdLCJsYWJlbCI6IkxUSSBCb290Y2FtcCBDb3Vyc2UiLCJpZCI6IjQ0MDg4Nzk2LTE4MzktMTFlOC05YjQyLWM0OGU4ZmZiNzg1NyIsInRpdGxlIjoiTFRJIEJvb3RjYW1wIENvdXJzZSJ9LCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvdG9vbF9wbGF0Zm9ybSI6eyJndWlkIjoibHRpYmNfYXRfMTUxOTM0OTQ4MCIsIm5hbWUiOiJMVEkgQm9vdGNhbXAgUGxhdGZvcm0ifSwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL3JvbGVzIjpbImh0dHA6Ly9wdXJsLmltc2dsb2JhbC5vcmcvdm9jYWIvbGlzL3YyL21lbWJlcnNoaXAjTGVhcm5lciJdLCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvbGF1bmNoX3ByZXNlbnRhdGlvbiI6eyJkb2N1bWVudF90YXJnZXQiOiJpZnJhbWUiLCJyZXR1cm5fdXJsIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwaHR0cDovL2xvY2FsaG9zdDo1MDAwLyJ9LCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvcmVzb3VyY2VfbGluayI6eyJpZCI6IjQ0MDg4Nzk5LTE4MzktMTFlOC05YjQyLWM0OGU4ZmZiNzg1NyIsInRpdGxlIjoiQW4gYXNzaWdubWVudCJ9LCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9sdGkvdG9rZW5lbmRwb2ludCI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9hdXRoL3Rva2VuIiwiYXVkIjoiMCIsImh0dHA6Ly9pbXNnbG9iYWwub3JnL2x0aS9hZ3MiOnsibGluZWl0ZW1zIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwLzQ0MDg4Nzk2LTE4MzktMTFlOC05YjQyLWM0OGU4ZmZiNzg1Ny9saW5laXRlbXMiLCJzY29wZSI6WyJodHRwOi8vaW1zZ2xvYmFsLm9yZy9hZ3MvbGluZWl0ZW0iLCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9hZ3MvcmVzdWx0L3JlYWQiLCJodHRwOi8vaW1zZ2xvYmFsLm9yZy9hZ3Mvc2NvcmUvcHVibGlzaCJdLCJsaW5laXRlbSI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC80NDA4ODc5Ni0xODM5LTExZTgtOWI0Mi1jNDhlOGZmYjc4NTcvbGluZWl0ZW1zLzEvbGluZWl0ZW0ifSwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL2N1c3RvbSI6eyJsYWIiOiJzaW0zYSIsImxldmVsIjoiZWFzeSJ9LCJnaXZlbl9uYW1lIjoiRWJiYSIsImlhdCI6MTUxOTM0OTQ5MywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIn0.isjhwVch4G0A5j_30NpP1i6-UO5whAzQxEEAfx0nvVTy1aea_iLHVJmI6lKSDk1ih2v4oO4iMQzQUdB39YGXLrvmHaHX8lOPX_vg0Z2iMAb_qRBU-IBionyjGTfUVMkIMWnIaAFogOPjsuPPUk1I-Zb8wsLUeKkDcj_8YHPOS2xr2eAGpbwg7pDbSklQt2E-KVA_rrnIvJ_FcNaTfKYVl2dAscTooONaxhKjmW4Sz0E6J_I32Fa4rrMxqfPaSKYeagtjEo6Ga5RTWOdKBq3Xhq9qmaceacSU-EecnRaJdcg3-ViKxs5-oCloNrOieUR5_D35413D5EywcMfRA8KlMg`

### Task 1: Decode the launch

Now, same as with the Deep Linking request, we decode the token:

In [14]:
encoded_jwt = post_data['id_token']
jwt_headers = jwt.get_unverified_header(encoded_jwt)

student_launch = jwt.decode(encoded_jwt, 
                            platform_keys[jwt_headers['kid']], 
                            jwt_headers['alg'],
                            audience = tool_info['client_id'])

md('```json\n'+ json.dumps(student_launch, indent=4)+'```')

```json
{
    "http://imsglobal.org/lti/tokenendpoint": "http://localhost:5000/auth/token",
    "http://imsglobal.org/lti/version": "1.3.0",
    "family_name": "Elisa",
    "http://imsglobal.org/lti/roles": [
        "http://purl.imsglobal.org/vocab/lis/v2/membership#Learner"
    ],
    "http://imsglobal.org/lti/launch_presentation": {
        "return_url": "http://localhost:5000http://localhost:5000/",
        "document_target": "iframe"
    },
    "http://imsglobal.org/lti/resource_link": {
        "id": "44088799-1839-11e8-9b42-c48e8ffb7857",
        "title": "An assignment"
    },
    "name": "Ebba Elisa",
    "iss": "http://localhost:5000",
    "http://imsglobal.org/lti/context": {
        "id": "44088796-1839-11e8-9b42-c48e8ffb7857",
        "type": [
            "CourseSection"
        ],
        "title": "LTI Bootcamp Course",
        "label": "LTI Bootcamp Course"
    },
    "iat": 1519349493,
    "http://imsglobal.org/lti/custom": {
        "level": "easy",
        "lab": "sim3a"
    },
    "given_name": "Ebba",
    "email": "Ebba.Elisa@example.com",
    "nonce": "47f37802-1839-11e8-9b42-c48e8ffb7857",
    "sub": "LTIBCU_10",
    "http://imsglobal.org/lti/message_type": "LTIResourceLinkLaunch",
    "http://imsglobal.org/lti/ags": {
        "scope": [
            "http://imsglobal.org/ags/lineitem",
            "http://imsglobal.org/ags/result/read",
            "http://imsglobal.org/ags/score/publish"
        ],
        "lineitems": "http://localhost:5000/44088796-1839-11e8-9b42-c48e8ffb7857/lineitems",
        "lineitem": "http://localhost:5000/44088796-1839-11e8-9b42-c48e8ffb7857/lineitems/1/lineitem"
    },
    "http://imsglobal.org/lti/tool_platform": {
        "name": "LTI Bootcamp Platform",
        "guid": "ltibc_at_1519349480"
    },
    "http://imsglobal.org/lti/deployment_id": "deployment_0",
    "aud": "0",
    "exp": 1519349553
}```

## Task 2: extract information to show the correct activity

The launch gives information about the user, her role, the course, but also which actual resource we want to launch into.

In [15]:
# fc(claim) prefix the claim with http://imsglobal.org/lti/
mdb('1. Is this a resource link launch? {0}'.format(student_launch[fc('message_type')] == 'LTIResourceLinkLaunch'))
mdb('1. What is the id of the resource link that is launched? {0}'.format(student_launch[fc('resource_link')]['id']))
mdb('1. What is the name of the resource that is launched? {0}'.format(student_launch[fc('resource_link')]['title']))
mdb('1. What is the current course id? {0}'.format(student_launch[fc('context')]['id']))
mdb('1. What is the current user id? {0}'.format(student_launch['sub']))
is_learner = len(list(filter(lambda x: 'learner' in x.lower(), student_launch[fc('roles')])))>0
mdb('1. Is this user a student? {0}'.format(is_learner))
return_url = student_launch[fc('launch_presentation')]['return_url']
mdb('1. Where should I redirect the browser too when done? {0}'.format(return_url))
mdb('1. Which lab should be displayed? {0}'.format(student_launch[fc('custom')]['lab']))
ags_claim = student_launch[fc('ags')]
mdb('1. Is there a gradebook column for this resource? {0}'.format('lineitem' in ags_claim))
mdb()



1. Is this a resource link launch? True
1. What is the id of the resource link that is launched? 44088799-1839-11e8-9b42-c48e8ffb7857
1. What is the name of the resource that is launched? An assignment
1. What is the current course id? 44088796-1839-11e8-9b42-c48e8ffb7857
1. What is the current user id? LTIBCU_10
1. Is this user a student? True
1. Where should I redirect the browser too when done? http://localhost:5000http://localhost:5000/
1. Which lab should be displayed? sim3a
1. Is there a gradebook column for this resource? True

## Assignment and Grade Services

Now that the student has launched into a grading activity, eventually she will complete it. Let's assume this is an autograded quiz. At the end of the interaction, we're going to send a score.

<img src="assets/assignment_grade_services.png" width="60%">

### Step 1: Get an access token

To be able to send a grade, or call any service on that matter, we must first get an access token. This is done by using a JWT based client grant flow [RFC-7523](https://tools.ietf.org/html/rfc7523).

Here we will re-use the token for the rest of the notebook, so we don't specify scope. If you intend to use the token only for a given operation, it is a good practice to scope it accordingly.

The grant type is [client_credentials](https://tools.ietf.org/html/rfc6749#section-1.3.4) as the trust is established between the tool and the platform. The current user and context are not considered.


In [16]:
token_endpoint = student_launch[fc('tokenendpoint')]

now = int(time())

assertion = {
    "iss": tool_info['client_id'],
    "aud": token_endpoint,
    "exp": now + 60,
    "iat": now,
    "jti": "{0}-{1}".format(tool_info['client_id'], now)
}

assertion_jwt = jwt.encode(assertion, tool_info['webkeyPem'], 'RS256').decode()

token_info = json.loads(requests.post(token_endpoint, data = {
    'client_assertion': assertion_jwt,
    'grant_type': 'client_credentials',
    'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
}).text)

md('#### Access token:')
md('```json\n'+ json.dumps(token_info, indent=4)+'```')


#### Access token:

```json
{
    "expires_in": 3600,
    "access_token": "tk4b5db98a-1839-11e8-9b42-c48e8ffb7857",
    "token_type": "Bearer"
}```

### Step 2: Publish a score

In [27]:
# Scores in the subpath scores from lineitem.
print(ags_claim['lineitem'])
p = re.compile('lineitem($|\?|#)')
scores_url = p.sub('lineitem/scores\\1', ags_claim['lineitem'])

print(scores_url.encode())
score = {
    'scoreGiven': 22
}

b64token = base64.b64encode(token_info['access_token'].encode('utf-8')).decode()

headers = {'Authorization': 'Bearer {0}'.format(b64token),
           'Content-Type': 'application/vnd.ims.lis.v1.score+json'}

print(headers['Authorization'])
r = requests.post(scores_url.encode(), headers=headers, data=json.dumps(score))

# let's check it was OK
r.raise_for_status()

md('The score was processed successfully be the back-end')




http://localhost:5000/44088796-1839-11e8-9b42-c48e8ffb7857/lineitems/1/lineitem
b'http://localhost:5000/44088796-1839-11e8-9b42-c48e8ffb7857/lineitems/1/lineitem/scores'
Bearer dGs0YjVkYjk4YS0xODM5LTExZTgtOWI0Mi1jNDhlOGZmYjc4NTc=


HTTPError: 500 Server Error: INTERNAL SERVER ERROR for url: http://localhost:5000/44088796-1839-11e8-9b42-c48e8ffb7857/lineitems/1/lineitem/scores