I'm using this library to implement LTI 1.3 into an LMS application. Reading the documentation, I'm able to get the integration working but caching access tokens doesn't make sense to me!
When setting up the server service we generate an access token for a key chain, which requires passing AccessTokenRepository to store the created access tokens. However, the AccessTokenRepository is not used with service endpoint authentication, so why are we storing these tokens if they're not being used?
Possible Solution?
Maybe the idea is that we create a custom validator interface and pass it to RequestAccessTokenValidator? I think that'd work by decoding the JWT and searching for the id in the cache (the database in my case).
Ideal solution
Since the AccessTokenRepository is required for generating access tokens, it should also be required for validating access tokens. So RequestAccessTokenValidator.php should be modified to use the cache adapter to search for access tokens and make sure they're not revoked or expired.
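The check proposed in this issue (decode the JWT, look up its id in the store, reject revoked or expired tokens), sketched as an added example that is not the library's code or the poster's. Every function name, the `$store` array shape and the use of the `jti` claim as the token id are assumptions, and HS256 via `hash_hmac` is a stand-in for real signature verification.

```php
<?php
// Added example; all names are hypothetical, not the library's API.
function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s): string
{
    $padded = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}
// Build a constructed sample token carrying the given claims (HS256 stand-in).
function issue_token(array $claims, string $key): string
{
    $input = b64url_encode('{"alg":"HS256","typ":"JWT"}') . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $key, true));
}

// $store maps jti => ['revoked' => bool] and stands in for the cache or
// database that recorded the token when it was issued.
function validate_access_token(string $jwt, string $key, array $store, int $now): string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return 'malformed';
    }
    [$h, $p, $sig] = $parts;
    // Verify the signature before trusting any claim, in constant time.
    if (!hash_equals(hash_hmac('sha256', "$h.$p", $key, true), b64url_decode($sig))) {
        return 'bad signature';
    }
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims) || !is_string($claims['jti'] ?? null) || !is_int($claims['exp'] ?? null)) {
        return 'missing claims';
    }
    if ($claims['exp'] <= $now) {
        return 'expired';
    }
    // A well-signed, unexpired token is still refused if the store has no
    // record of it or the record is marked revoked.
    $record = $store[$claims['jti']] ?? null;
    if ($record === null) {
        return 'unknown token';
    }
    return $record['revoked'] ? 'revoked' : 'valid';
}

$key = 'constructed-demo-key';
$now = 1700000000; // fixed clock so the run is reproducible
$store = ['tok-1' => ['revoked' => false], 'tok-2' => ['revoked' => true]];
foreach (['tok-1', 'tok-2', 'tok-3'] as $jti) {
    echo $jti, ': ', validate_access_token(issue_token(['jti' => $jti, 'exp' => $now + 3600], $key), $key, $store, $now), PHP_EOL;
}
```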