# LTI Advantage bootcamp notebook

The notebook shows how to interact with the LTI Advantage ecosystem. It interacts with an actual server which is used to exercise the service APIs. 


## Setup

In [56]:
import requests
import json
import jwt
import base64
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def decode_int(b64value):
    return int.from_bytes(base64.urlsafe_b64decode(b64value), byteorder='big')

# This notebook queries an actual test server. It needs its location:
platform_url='http://localhost:5000'

In [13]:
# First we need to get a new tool deployment from the server for this notebook instance
# Each tool must have a client_id and a private key, and the location of the platform
# keyset to be able to interact with the platform.
# How this information is obtained by the tool is NOT currently part of the LTI specifications.

r = requests.get(platform_url + '/newtool')
tool_info = json.loads(r.text)
print(tool_info)

{'key': {'e': 'AQAB', 'alg': 'HS256', 'd': 'GaUmDTtsm9LoZC1udk_WwsmpTobwx_jsnp324DMkq6t5r67c1LyiiFSgN1-Y0qUWH28eggeRabjdWoAKguhuqPGK7uaukday3ugXisPYMgwx3ef8aFw5ieepSNSwsPyyeKwjA7Il-KXRlwRiZiA1n5bRiBAqjoSA261j4KAIsLJENTXg9ZmiARaU4O4fJemdUC0qm8z8dPyA4Y_F-xZPNfB-os5xWioRg8B4pAq7P_Zj_-p7Bmnva1C9IYZ2VQOXqMGeLJ-gtfl8cT2lnripVTTMrEm_HkWZKyKQFwKSG5FDPTKG1WYK-hVZ6JQdg2DiCavpEdi_vWIBBc7-216bHQ==', 'kty': 'rsa', 'use': 'sig'}, 'client_id': '1', 'deployment_id': 'deployment_1'}


## Deep Linking - Creating a Link
This section will use the deep linking specification to create a Resource Link to the platform. That resource link will be gradable and used in the following sections of that notebook.

In [63]:

r = requests.get("{}/tool/{}/cisr".format(platform_url, "0"))
post_data = {
    'content_item_param':r.text
}
print(post_data)

{'content_item_param': 'eyJraWQiOiIxNTE2NTg4NjAwXzIiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0ZXN0IjoieHh4IiwiaHR0cDovL2ltc2dsb2JhbC5vcmcvbHRpL3Rvb2xfcGxhdGZvcm0iOnsiZ3VpZCI6Imx0aWJjX2F0XzE1MTY1ODg2MDEiLCJuYW1lIjoiTFRJIEJvb3RjYW1wIFBsYXRmb3JtIn19.YsGZAWbsyRvnUIkJOADeoVcqS0KBpMnMzz-vJ383I7qSFc3teiAvdPhsQSCMIl9ZYtX3E_NcT0cgtdsHPTWmsmX_xv-qaotHlS0UIzhXVTZYMUN88WpRtgIw963dK6RLuIlLjUfCuc7qIH2RGaqprfMf_7Prq3ps7oyduZdksxLrUVc33nQ8huJJoVSChM76i6nxirg2T7ENTH7tgWUqY23hU40IQ3MehgLHXmBGmgAISwpdJfKKeJF2VkKPLlHUwUWc-1D9gXv1QSj9AEiMjt4mJskAoq3aDG56lCC4e_dbN3pf19-vQ1n8UYTgZJskUZ_F-Sg98Fq-1MSL71DREA'}


Once a tool is added to a course, usually the first launch from the platform will be a Deep Linking request. This request will come as a FORM post from the browser as an signed JWT, which is here simulated the post_data object.

### Verify the JWT is properly signed

The first thing before to display to the user the picker/authoring interface to create the link is to validate this request is properly signed. This is done by decoding the JWT using public key from the platform.
The platform exposes its keys in a keyset format at a well-know location (.well-known/)

In [64]:
# We need the key set now
keyset = json.loads(requests.get(platform_url + '/.well-known/jwks.json').text)

platform_keys = {}
# let's transform as a map for ease of use, and just the PEM because this is what is used by JWT lib
for key in keyset['keys']:
    public_key = RSAPublicNumbers(decode_int(key['e']), decode_int(key['n'])).public_key(default_backend())
    pem = public_key.public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
    platform_keys[key['kid']] = pem
    
# print(platform_keys)

{'1516588600_2': b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDLB/6x0OIqUa7t1c7pa\n1yl/IP+zqzOtpMGMjmzmLaE7z1/ZAiWUTjUrnBmmOw7hZTtVAMgG2j4kVb6BusLo\nBcnyi8rHlLv7YcJF5yfVRMlEefTSJZAyU72PdyeDO9FEu4iFsM2l7cWknW5nYuwT\n7U8JSZjjWDE8YWbxtbW3GmVpkJO/1rmCQKyNQeIHaDiynD1meO3TMgr2RQAjjxXo\n0nwgLd76Jdw+HFhWlY60K2hxyELwzkROlAL6jBQ/S+yTCaZ7n82GCKksYEbug56n\nt/Y/CqsnhRlDw6PQkoXwZRYzb73V5EYCmKekUTeTPYVu9xFaQsq1cb5dF5QGLxu8\nYQIDAQAB\n-----END PUBLIC KEY-----\n', '1516588600_0': b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2K+6d7uWRaaeVTVMBqw\nyIP8d3yFWAxFLvMiINlWzNo4bD3GTpQQUPUc26Kc5aA0jAXNojRMRn9v/sPfaqRD\nNZx0XxXsUo3JW1uuQAX5LBL+sDOYNeyiHXA8atZvsKebHgToXt4irZ/bp/urxOEs\nR0ZDQQsCpwcIh3YFtuin18rRd5g/NidlNbgN6yEdA+cBRq1Dnx9X7Z8+C65kM1kg\nsIqskPlSl9WSkG0ocQiU7daE6BqqOGLaDWnP0L8Rlp4gxLcN/QgHExvwK2trW5tm\nKZ79ov3L8/42u0/UY+aXbSNYHL0EuImoWgP+YvcF4YqZnHal4hMNP0Q58TwrqCtM\nRQIDAQAB\n-----END PUBLIC KEY-----\n', '1516588600_1': b'-----BEGIN PUBLIC K

In [65]:
# Let's get the kid so we can get the proper public key
encoded_jwt = post_data['content_item_param']
jwt_headers = jwt.get_unverified_header(encoded_jwt)

content_item_message = jwt.decode(encoded_jwt, platform_keys[jwt_headers['kid']], jwt_headers['alg'])

print(content_item_message)

{'test': 'xxx', 'http://imsglobal.org/lti/tool_platform': {'name': 'LTI Bootcamp Platform', 'guid': 'ltibc_at_1516588601'}}
