
feat: Add support for using LTI data to populate user profile#37307

Merged
farhaanbukhsh merged 1 commit into openedx:master from open-craft:kshitij/lti-auth-auto-create-account
Sep 1, 2025

@xitij2000
Contributor

@xitij2000 xitij2000 commented Aug 29, 2025

Description

Currently the LTI provider implementation auto-creates a random user when logging in; however, the LTI launch can include relevant user details such as their email, full name and even a username. This change makes the LTI code use the provided details if the "Use lti pii" setting is set in the Django admin.

Supporting information

Testing instructions

  • Configure saLTIre as an LTI consumer by visiting the Security Model page and filling in an LTI launch URL for the message URL, and by making sure that an LTI consumer with the same consumer key and secret exists in Django admin.
  • Press the connect button to launch.
  • It should create a random user with a random username, password and no profile details.
  • Now check "Use lti pii" in the consumer settings.
  • In the saLTIre user section select a different user or change all relevant user details (name, email, id etc).
  • Press connect again to launch.
  • Check now and the new user should use the saLTIre user id, email and fill in the full name in profile.

Other information

@openedx-webhooks openedx-webhooks added the open-source-contribution PR author is not from Axim or 2U label Aug 29, 2025
@openedx-webhooks

Thanks for the pull request, @xitij2000!

This repository is currently maintained by @openedx/wg-maintenance-edx-platform.


@openedx-webhooks openedx-webhooks added the core contributor PR author is a Core Contributor (who may or may not have write access to this repo). label Aug 29, 2025
@github-project-automation github-project-automation Bot moved this to Needs Triage in Contributions Aug 29, 2025
@xitij2000 xitij2000 force-pushed the kshitij/lti-auth-auto-create-account branch 2 times, most recently from 43606bb to f6013a1 Compare August 29, 2025 13:21
Comment thread lms/djangoapps/lti_provider/views.py Outdated
@xitij2000 xitij2000 force-pushed the kshitij/lti-auth-auto-create-account branch 2 times, most recently from b637199 to 8f193ec Compare August 29, 2025 14:22
@arslanashraf7
Contributor

Hi @xitij2000 thanks for creating this PR. I'll let @farhaanbukhsh do the PR review but I just wanted to run this scenario by you:

Assuming that the LTI configuration used in Open edX has the Require User account set to True. And users accessing the content in Canvas are only logged into Canvas (or other consumer, per se) and not in Open edX. Will they still see the Sign In page when they access the LTI content in Canvas?

@xitij2000 xitij2000 force-pushed the kshitij/lti-auth-auto-create-account branch 2 times, most recently from 62439ee to fe4da75 Compare August 29, 2025 15:41
@xitij2000
Contributor Author

> Hi @xitij2000 thanks for creating this PR. I'll let @farhaanbukhsh do the PR review but I just wanted to run this scenario by you:
>
> Assuming that the LTI configuration used in Open edX has the Require User account set to True. And users accessing the content in Canvas are only logged into Canvas (or other consumer, per se) and not in Open edX. Will they still see the Sign In page when they access the LTI content in Canvas?

The new feature here is the "Use LTI PII" flag, which, if enabled, will make sure that if they are logged into Canvas and access Open edX via LTI, they get automatically logged in to their Open edX account if it does exist, and if not, it will create a new user that uses the username, name, email etc. from the LTI launch info to create a new account.

@arslanashraf7
Contributor

> The new feature here is the "Use LTI PII" flag, which, if enabled, will make sure that if they are logged into Canvas and access Open edX via LTI, they get automatically logged in to their Open edX account if it does exist, and if not, it will create a new user that uses the username, name, email etc. from the LTI launch info to create a new account.

Great, do you think this use case will fail on this line when they don't have an account/active session in edx because the request will not be authenticated?

@xitij2000
Contributor Author

> > The new feature here is the "Use LTI PII" flag, which, if enabled, will make sure that if they are logged into Canvas and access Open edX via LTI, they get automatically logged in to their Open edX account if it does exist, and if not, it will create a new user that uses the username, name, email etc. from the LTI launch info to create a new account.
>
> Great, do you think this use case will fail on this line when they don't have an account/active session in edx because the request will not be authenticated?

To activate this new functionality, you'd have to turn off "Require Account" and turn on use_lti_pii, since "require account" means that you need to already have an account, while the LTI PII will only be used to populate an account if it doesn't already exist. In that scenario, if a user is already authenticated and matches the details in the LTI auth, the session continues; if the user is not logged in but exists, then create_lti_user will return the existing user details. If the user doesn't exist at all, one will be created with the name, username and email from LTI.
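
The resolution order described in the comment above, modelled as an added example (not code from this PR or from edx-platform). It assumes "Require Account" is off; `resolve_launch_user`, `Consumer`, `User`, keying accounts on the launch `user_id`, and taking the username from `lis_person_sourcedid` are hypothetical choices made for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    email: str = ""
    full_name: str = ""


@dataclass
class Consumer:
    key: str
    use_lti_pii: bool = False
    links: dict = field(default_factory=dict)  # launch user_id -> User


def resolve_launch_user(consumer, launch, session_user=None):
    """Return (user, outcome) for one launch with "Require Account" off."""
    lti_id = launch["user_id"]
    linked = consumer.links.get(lti_id)
    if linked is not None:
        # Known user: keep a matching session, otherwise hand back the account.
        # A session for a different user is treated like no session (assumption).
        outcome = "session-continues" if session_user is linked else "existing-user"
        return linked, outcome
    if consumer.use_lti_pii:
        # Profile fields are whatever the consumer sent in the launch.
        user = User(
            username=launch.get("lis_person_sourcedid") or secrets.token_hex(8),
            email=launch.get("lis_person_contact_email_primary", ""),
            full_name=launch.get("lis_person_name_full", ""),
        )
        outcome = "created-from-lti"
    else:
        # Flag off: random username, no profile details.
        user = User(username=secrets.token_hex(8))
        outcome = "created-random"
    consumer.links[lti_id] = user
    return user, outcome


# Constructed sample launch parameters (not captured from a real consumer).
SAMPLE_LAUNCH = {
    "user_id": "29123",
    "lis_person_sourcedid": "jdoe",
    "lis_person_contact_email_primary": "jdoe@example.com",
    "lis_person_name_full": "Jane Doe",
}
```

In this model the email and name are taken as sent by the consumer, so the flag is only as trustworthy as the consumers holding a valid key and secret.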

Member

@farhaanbukhsh farhaanbukhsh left a comment


I have added minor comments; overall looks good.

Comment thread lms/djangoapps/lti_provider/tests/test_users.py Outdated
Comment thread lms/djangoapps/lti_provider/users.py Outdated
Comment thread lms/djangoapps/lti_provider/tests/test_users.py
Comment thread lms/djangoapps/lti_provider/users.py Outdated
@xitij2000
Contributor Author

@farhaanbukhsh I've added the changes you requested to a fixup comment.

@farhaanbukhsh
Member

@xitij2000 can you please fix the failing tests?

Member

@farhaanbukhsh farhaanbukhsh left a comment


@xitij2000 I can test this and it's working as expected. Let's fix the test cases, and then it is good to merge. 🚀 🐰

Currently the LTI provider implementation auto-creates a random user when
logging in, however, the LTI launch can include relevant user details such as
their email, full name and even a username. This change makes the LTI code
use the provided details if the "Use lti pii" setting is set in the Django
admin.
@xitij2000 xitij2000 force-pushed the kshitij/lti-auth-auto-create-account branch from ff71b16 to 7ca8ea9 Compare August 31, 2025 16:04
Member

@farhaanbukhsh farhaanbukhsh left a comment


👍

  • ✅ I tested this on tutor devstack master branch
  • ✅ I read through the code
  • ❌ I checked for accessibility issues
  • ✔️ Includes documentation

@farhaanbukhsh farhaanbukhsh merged commit 0bed7d7 into openedx:master Sep 1, 2025
49 checks passed
@farhaanbukhsh farhaanbukhsh deleted the kshitij/lti-auth-auto-create-account branch September 1, 2025 04:06
@github-project-automation github-project-automation Bot moved this from Needs Triage to Done in Contributions Sep 1, 2025
@edx-pipeline-bot
Contributor

2U Release Notice: This PR has been deployed to the edX staging environment in preparation for a release to production.

@edx-pipeline-bot
Contributor

2U Release Notice: This PR has been deployed to the edX production environment.

5 participants