TokenRetriever Class
Closed this issue · 5 comments
Hello Developer, I was trying to use spring-security-lti13 to provide LTI1.3 authentication in our project. I have few questions if you could help me out:
- The spring-security-lti13-demo mentioned on the specification, returns a JSON with Public Key and after going through all the references, I came to a conclusion that this Public Key is NOT a Token for authentication. And if it is a Public Key, then how we can fetch the Token.
- I need to get the token and authenticate the client, and as per my understanding on spring-security-lti13 code, there is method called getToken(ClientRegistration clientRegistration, String... scopes) from TokenRetriever file, that would help me to fetch the token by providing various parameters.
Please guide if my understanding is wrong in the above two points.
I'm slightly confused about what you are trying to achieve. A public/private keypair is only needed when you are trying to use one of the LTI Advantage APIs for example the Names and Roles Provisioning Service which has basic support in this library or the Assignments and Grade Services which isn't supported at all.
If you are just wanting to launch to the tool you don't need the public/private keypair.
Thanks for your reply. I am supposed to implement launch of our third party tool through LTI1.3 authentication.
As per "https://www.imsglobal.org/spec/security/v1p0/#openid_connect_launch_flow" i.e. open id connect launch flow, i should receive a id_token, that i would use to redirect to third party tool.
The token is returned in the last part of the login, are you need direct access to the token or just the claims in the token? If you just want to access the claims you should be able access the principal and get at the claims from that.
Thanks for your reply. I have gone through the code and understood a lot of things. Actually, earlier I was trying to retrieve the token but now we just need the target link and in between apply the user provisioning. Thanks once again and Have a great day.
Ok, closing the issue for now.