Authentication outside of Provider app #167
Comments
I'm realizing that the ltik is just a jwt, and I can get the information I need from that. I'm going to leave this open until I'm 100% sure about that because there may still be something I'm missing.
Hello @benbarefield I don't think I understand your question. What do you mean by Verify and get the user ID? You have access to the ID Token (
@Cvmcosta The endpoints I'm accessing are not created by Ltijs, but this was mostly a lack of understanding about the ltik being a jwt, and a misreading of the code that was using Auth.verify. I think I can just close this, sorry for the bother.
Hi @Cvmcosta, I think I have a better understanding of things now, and this is still, maybe, an issue I need to solve. So I'm trying to determine the best way to make it so that a session can survive a page refresh (my tool is opened in a separate tab, not an iframe within the LMS). It'd be great if I could make use of the httpOnly cookies that ltijs provides, but I think I'd need to go through a similar process as in this ltijs/src/Provider/Provider.js Line 224 in c1e3120
Hi @benbarefield, not exactly sure what you're trying to do or what architecture or frameworks you're dealing with, but something like what our team did may be what you're looking for. Rather than rely on the
@ssciolla absolutely, I saw one of your previous posts and looked at this code: it was helpful, thanks! We didn't roll our own auth system (using AWS Cognito), so there are some challenges involved in that. But writing this response is making me realize I should double check some of my assumptions about Cognito to see how practical this approach would be.
Thank you very much for this work, it's fantastic! I feel like I'm totally missing something, but maybe not:
Is your feature request related to a problem? Please describe.
I'm using ltijs in serverless mode to add LTI into an already existing app, so I have some endpoints that do authentication of the user (passing a token in the header). I'd like the client to be able to use these same endpoints using the ltik as the token.
Describe the solution you'd like
I'd love to be able to verify (and get the user ID) from a request that contains the ltik in the header (and the session cookie). This could be done by exporting Utils/Auth or providing an additional public API on Provider.
Describe alternatives you've considered
Either rewriting things to be hosted out of the ltijs express instance or cloning Utils/Auth for my own purposes.
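
Added example (not part of the thread and not ltijs code): since the ltik is a JWT, its claims are only trustworthy after the signature has been checked, so an endpoint outside the Provider app must verify before it reads the user ID. The sketch assumes an HS256 token sent as `Authorization: Bearer <ltik>` and signed with a key the tool holds; `verifyLtik`, `signHs256`, `KEY` and the `user` claim are hypothetical names.

```javascript
// Added example. verifyLtik, signHs256, KEY and the claim names are hypothetical.
const crypto = require('node:crypto');

const KEY = 'constructed-demo-key'; // assumption: the key the ltik was signed with
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Builds a constructed HS256 token so the example runs offline.
function signHs256(payload, key, alg = 'HS256') {
  const data = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, key).toString('base64url')}`;
}

// Returns the verified claims of the ltik in an Authorization header, or throws.
function verifyLtik(authHeader, key, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) throw new Error('malformed token');
  const [, head, body, sig] = m;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  // Pin the algorithm; never let the token pick it (blocks "none" and key confusion).
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, key);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed sample: a valid token, then the same token with a swapped payload.
const token = signHs256({ user: 'user-123', exp: 4102444800 }, KEY);
const [h, , s] = token.split('.');
const forged = `${h}.${b64url(JSON.stringify({ user: 'admin' }))}.${s}`;
console.log(verifyLtik(`Bearer ${token}`, KEY).user);
try { verifyLtik(`Bearer ${forged}`, KEY); } catch (e) { console.log(e.message); }
```

This covers the token only; the session cookie mentioned in the request would need its own check.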