Check if Deployment ID claim is missing and return an error even if validation if disabled #1396
Comments
… and return an error even if validation is disabled
…rror even if validation is disabled (#1401)
|
I will QA this |
|
@jonespm, So the LTI launch variable are sending 'https://purl.imsglobal.org/spec/lti/claim/deployment_id = ''` now with the check _get_deployment_id() it will throw a deployment_id is not set in jwt body is that what is expected and regardless what the chosen value for LTI_CONFIG_DISABLE_DEPLOYMENT_ID_VALIDATION? |
|
Right, the spec says that this has to be set, so even if validation is disabled it should still fail if it's empty. The value can be set to anything though with validation disabled and it will pass, as long as it's set to something. |
|
Test passes. I couldn't set a null to deployment id since canvas always sending it and we cannot control that from Canvas instance. I think it will be a overkill to use the 1Edtech LTI test suit for resolving this issue So What I did is I throw an error when |
|
That sounds good! I plan to run the 1EdTech test probably next week, hopefully on Monday so we'll see if it passes that or not. But looks it should be fine. |
… and return an error even if validation is disabled (tl-its-umich-edu#1401)
We failed the certification because we allowed missing deployment ids. We could probably turn this on and validate it but if it's missing completely this should have an error and fail.
It looks like from the spec that this is required to be present but it doesn't necessarily need to be validated. https://www.imsglobal.org/spec/lti/v1p3#lti-deployment-id-claim
my-learning-analytics/dashboard/lti_new.py
Line 41 in 3d0a1cc
The text was updated successfully, but these errors were encountered: