从LTI到Valence的Desire2Learn身份验证
[英]Desire2Learn authentication from LTI to Valence
问题描述
Given an LTI request, how does one authenticate to the Valence API? 
给定一个LTI请求,如何验证Valence API?
The only thing that I have seen is this: 我唯一看到的是:
Widgets and APIs in Desire2Learn Desire2Learn中的小部件和API
This seems to indicate that when our External Learning Tool receives a POST from the D2L server, that we can then issue a Valence API authentication request, which is a GET of the form: 这似乎表明,当我们的外部学习工具从D2L服务器接收到POST时,我们可以发出Valence API身份验证请求,该请求是以下形式的GET:
"https://{server domain}/d2l/auth/api/token?x_a={app id}&x_b={unencoded redirect url signed with app key}&x_target={encoded redirect url}" “ https:// {服务器域} / d2l / auth / api /令牌?x_a = {app id}&x_b = {使用应用程序密钥签名的未编码重定向网址}&x_target = {已编码重定向网址}”
whereupon the D2L server will immediately return a response of the form: D2L服务器将立即返回以下形式的响应:
{redirect url}?x_a={token id}&x_b={token key}&x_c={user identity signature} {redirect url}?x_a = {令牌ID}&x_b = {令牌密钥}&x_c = {用户身份签名}
without requesting credentials from the user. 而不要求用户提供凭据。 My questions are: 我的问题是:
If this is correct, how does the D2L server identify the user for which authentication is being requested, since no user information is specified in the request? 如果正确,由于请求中未指定用户信息,D2L服务器如何识别正在请求身份验证的用户?
Is there some kind of session information that must be appended to the authentication request url, or that must accompany it in the form of cookies? 是否有某种会话信息必须附加到身份验证请求url上,或者必须以cookie的形式附带?
If the description above is not correct, how does the External Learning Tool authenticate with the Valence API, given an LTI request? 如果上面的描述不正确,给定LTI请求,外部学习工具如何通过Valence API进行身份验证?
1 个解决方案
解决方案1
0 2012-05-24 13:33:20
The automatic redirection only occurs in the scenario of a calling back in from BLTI or from a Widget. 自动重定向仅在从BLTI或小部件回调的情况下发生。 This is enabled by the fact that the browser still has a session for the logged in user (as maintained by session cookies). 这是由于浏览器仍然具有用于登录用户的会话(由会话cookie维护)而启用的。
A standalone app arriving to the system may not have that session and will go through credential prompts. 到达系统的独立应用程序可能没有该会话,并且将通过凭据提示。
Two additional notes: -you can retrieve information on the logged in user with the call "whoami" -users will get a prompt when they first use an application asking if they want the app to access data on their behalf. 另外两个注意事项:-您可以通过呼叫“ whoami”检索有关已登录用户的信息-用户在首次使用应用程序时会收到提示,询问他们是否希望该应用程序代表他们访问数据。
Update: I have put a basic sample together showing LTI and Valence and done a quick blog post to describe it in more detail 更新:我将显示LTI和价的基本样本放在一起,并做了一个简短的博客文章来更详细地描述它
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.