You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
If you have two or more LTIs registered, when you access /keys on on of the LTIs, you get this error:
provider:main Error: error:1C800064:Provider routines::bad decrypt
provider:main at Decipheriv.final (node:internal/crypto/cipher:199:29)
provider:main at Database.Decrypt (node_modules/ltijs-sequelize/dist/DB.js:680:52)
provider:main at Database.Get (node_modules/ltijs-sequelize/dist/DB.js:523:38)
provider:main at processTicksAndRejections (node:internal/process/task_queues:95:5)
provider:main at async Function.build (node_modules/ltijs/dist/Utils/Keyset.js:14:19)
provider:main at async Provider.value (node_modules/ltijs/dist/Provider/Provider.js:249:26)
Expected behavior
/keys should return some JSON. It works fine with only one LTI in the database, but as soon as you add a second LTI with a different encryption key, the /keys URL fails.
Additional context
This is using ltijs-sequelize with a MySQL database.
The problem seems to be in https://github.com/Cvmcosta/ltijs/blob/master/src/Utils/Keyset.js#L11 where it retrieves all public keys for all LTIs instead of only the keys belonging to the current LTI. When it tries to decrypt the values for the other LTIs, the decryption fails, assuming each LTI you deploy is using a different key.
The text was updated successfully, but these errors were encountered:
Hello! This error happens if you change the encryption key after registering a tool. Since we'll try to decrypt with the wrong key. Can you please remove the platforms and try again? Or clean the platforms table.
Yes we cleared the platform table and registered the LTIs again and the problem returns.
If you register all the LTIs with the same key then it works, but if you register LTI 1 with key 1, and LTI 2 with key 2, then both LTIs fail when /keys is accessed.
For anyone else experiencing this issue:
The fix for me (like @Cvmcosta stated), was clearing my platforms table in my LTI database and re-registering the LTI platform (didn't need to recreate the LTI key in Canvas though). Removing only the private and public keys affiliated to the old encryption key didn't work for me, it wasn't until I cleaned my platform tables that it worked again.
The actual problem here is different than the error message, so I would suggest that the error gets caught before calling Decrypt in the DB script. Maybe checking for copies of same client id on same platform? Or, even easier, could catch this issue, and give some additional info, stating the encryption key does not match the encryption key registered initially?
Describe the bug
If you have two or more LTIs registered, when you access
/keys
on on of the LTIs, you get this error:Expected behavior
/keys should return some JSON. It works fine with only one LTI in the database, but as soon as you add a second LTI with a different encryption key, the /keys URL fails.
Additional context
This is using ltijs-sequelize with a MySQL database.
The problem seems to be in https://github.com/Cvmcosta/ltijs/blob/master/src/Utils/Keyset.js#L11 where it retrieves all public keys for all LTIs instead of only the keys belonging to the current LTI. When it tries to decrypt the values for the other LTIs, the decryption fails, assuming each LTI you deploy is using a different key.
The text was updated successfully, but these errors were encountered: