/django-lti-auth

Django LTI Authentication Made Easy. Easily integrate with your LTI provider for Django projects

Primary LanguagePythonMIT LicenseMIT

django_lti_auth

Latest PyPI version

This project aims to provide a dead simple way to integrate LTI Authentication into your Django powered app. Try it now, and get rid of the complicated configuration of LTI.

Usage

  1. Set up the app as an LTI tool on Moodle. You need to specify the following:

    1. Secure Tool URL:
    Secure Tool URL
    1. Consumer key and Shared secret:
    Consumer Key and Secret

  2. Import the views module in your root urls.py

    # this is main urls.py for the project
from django.conf.urls import url, include

urlpatterns += [
       url(r'^lti/', include('django_lti_auth.urls')),
       ...
]

  3. In settings.py, add the LTI related configuration.

    PYLTI_CONFIG = {
        "consumers": {
            "<djangoConsumerKey>": {
                "secret": "<djangoSecret>"
            }
        },
        "method_hooks":{
            "valid_lti_request":"<Specify method to call after validation of a valid LTI payload>",
            "invalid_lti_request":"<Specify method to call after validation of an invalid LTI payload>"
        },
        "next_url":"<Default home page>"
    }

  4. You also need to add the following settings into your settings.py file.

    X_FRAME_OPTIONS = 'ALLOW-FROM https://moodle.telt.unsw.edu.au/'
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = False
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

  5. Add 'django_lti_auth' to INSTALLED_APPS

    INSTALLED_APPS = [
    '...',
    'django_lti_auth',
]

Explanation

  • valid_lti_request - The module calls the method you specify here after validating the LTI payload if the payload is valid. The method passes the LTI payload values extracted into a python dictionary as an argument to this method. You can use this payload to bind the user variables to the session.

    def valid_lti_request(user_payload, request):
    ...
    request.session['userid'] = user_payload['user_id']
    request.session['roles'] =  user_payload['roles']
    request.session['context_id'] = user_payload['context_id']
    ...

    You can return a URL value in case you want to redirect the LTI authenticated user to a new URL after the LTI Authentication.

    def valid_lti_request(user_payload, request):
    ...
    url = reverse('<intented URL string>', kwargs={'context': user_payload['context_id'], 'userid':user_payload['user_id']})
    return url

  • invalid_lti_request - This method is called after validation when the LTI payload is invalid. You can use this method to redirect the user back to the login page (or an access denied page).

Installation

To install the package run the following command:

pip install django-lti-auth

Requirements

PyLTI==0.5.1

Licence

MIT license

Authors

django_lti_auth was written by Rohit Jose.