Desire2Learn authentication from LTI to Valence

3k views Asked by At

Given an LTI request, how does one authenticate to the Valence API?

The only thing that I have seen is this:

Widgets and APIs in Desire2Learn

This seems to indicate that when our External Learning Tool receives a POST from the D2L server, that we can then issue a Valence API authentication request, which is a GET of the form:

"https://{server domain}/d2l/auth/api/token?x_a={app id}&x_b={unencoded redirect url signed with app key}&x_target={encoded redirect url}"

whereupon the D2L server will immediately return a response of the form:

{redirect url}?x_a={token id}&x_b={token key}&x_c={user identity signature}

without requesting credentials from the user. My questions are:

If this is correct, how does the D2L server identify the user for which authentication is being requested, since no user information is specified in the request?

Is there some kind of session information that must be appended to the authentication request url, or that must accompany it in the form of cookies?

If the description above is not correct, how does the External Learning Tool authenticate with the Valence API, given an LTI request?

1

There are 1 answers

27
Cadmium On

The automatic redirection only occurs in the scenario of a calling back in from BLTI or from a Widget. This is enabled by the fact that the browser still has a session for the logged in user (as maintained by session cookies).

A standalone app arriving to the system may not have that session and will go through credential prompts.

Two additional notes: -you can retrieve information on the logged in user with the call "whoami" -users will get a prompt when they first use an application asking if they want the app to access data on their behalf.

Update: I have put a basic sample together showing LTI and Valence and done a quick blog post to describe it in more detail