Skip to content

Handle LtiError Error During LTI 1.1 Launch for Unauthenticated User

Choose a tag to compare

View all tags
@michaelroytman michaelroytman released this 22 Aug 18:51
· 327 commits to master since this release
v4.5.0
682c90e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

In the LTI 1.1 launch handler, we set the user context. We do this by calling to the LMS's DjangoXBlockUserService to get information about the user. Sometimes, the user is unauthenticated. Sometimes, this is because the user is a web crawler. Other times, the user is a real user, but we do not know why the user is unauthenticated. We have some theories, but we have been unable to confirm them. Regardless, we should not surface a 500 error to the user.

This release adds handling for the LtiError that is raised when a user is unauthenticated during an LTI 1.1 launch. It catches the LtiError and renders an error page. The error page that was used for LTI 1.3 launches was modified to remove the reference to the version of LTI used by the XBlock; these details are unnecessary for a learner, and removing them allows us to reuse a single template for both LTI versions. This template is now used for LTI 1.1 errors as well.

This release also reverts a previous commit that added additional logging to help investigate the error.

Assets 2
Loading