Using OWIN to handle LTI API authentication

In my previous post I wrote about the OWIN middleware for LTI I wrote to handle LTI launch authentication. This time I want to talk about using OWIN middleware to authenticate the other LTI stuff: outcomes and the new content-item messages.

The Content Item 1.0 spec piggy backs on top of the LTI launch spec, so authentication works almost exactly the same. The only difference is that I needed to add the OWIN middleware for LTI to the Tool Consumer (e.g. http://consumer.azurewebsites.net). That is because the Tool Provider sends the content placement post to the Tool Consumer (almost as if the Tool Provider were launching something on the Tool Consumer).

However, the application event handlers are much simpler. All I needed to do is ensure the request is valid.

image

Basic Outcomes are a different story. Because Basic Outcomes are server-to-server messages, it is very easy to implement an ApiController on the receiving end (the Tool Consumer). There is only one external endpoint called Post.

image

Thanks to Mike Wasson I figured out how to configure the Web API to use OWIN middleware for LTI to authenticate the request in WebApiConfig.cs.

image

Consumer and Provider have been updated to run with the new code. I had to replace the Provider database and I apologize to everyone that had it configured to work with your Tool Consumer. You will have to re-register your tool consumer.

Advertisements
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s