Presentation TitleOrg/ Contact
Just Fire LTI at it!Mike Brousseau, Brock University
Me
Mike BrousseauEducational Technologies Developer
Centre for Pedagogical InnovationBrock University
Brock
Brock UniversitySt Catharines, Ontario, Canada
Student Population ~18,688
Objectives
● What?
● Why?
● Basics concepts of LTI
● Available Libraries
● Example Apps
What’s an LTI?
A simple and cheap way to connect your LMS to external tools without complicated
integrations or double authentication.
Via: http://www.edu-apps.org/coding/tool_launch.png
LTI Consumer (LMS)
LTI Provider (Tools)
Two main components of LTI
http://www.google.com/doodles/30th-anniversary-of-pac-man
Why LTI?
● Writing integrations for third-party tools is a nightmare
o Allows for faster and cheaper integration
● Seamless user experience
o Users stay in the LMS while accessing external tools
● Central ITS processes often can’t keep up with great external tools
o Allows easier piloting or small scaling
A Hash of user data and environmental info is sent from the Consumer to the Provider
The Provider verifies the OAuth connection with the sent key and the agreed upon secret
The Provider then allows the Consumer access to it’s resources based on the user and environmental data sent
LTI 1.0 is one way OAuth 1.0 vouching for passing standardized structured data
LTI 1.0
Same as LTI 1.0-Hash is sent-OAuth is verified-Access is granted
LTI 1.1 is two way OAuth 1.0 vouching for sending standardized structured data to the Provider and Grades back to the Consumer
LTI 1.1
But now the Provider can pass Grades back to the Consumer typically based on the user and environmental data initially sent to the provider
jdhancock - Pin Pals - https://flic.kr/p/6qhgF1
Newest version of LTI
Final specs released Jan 2014
Similar initial launch as LTI 1.0 & 1.1
Supports rich and complex REST based two way communication between your Consumer and Provider
Allows provisions space for Providers to store data in your Consumer
LTI 2.0?
Via: http://developers.imsglobal.org/tutorials.html#lti2
What is the Consumer Sending?context_id=Mikes_Test_Coursecontext_label=Mikes_Test_Coursecontext_title=Mikes_Test_Coursecontext_type=CourseSectionext_basiclti_submit=Press to continue to external tool.ext_lms=sakai-2.9-SNAPSHOText_sakai_eid=mbrousseauext_sakai_privacy=visibleext_sakai_role=Instructorext_sakai_server=https://lms.brocku.caext_sakai_serverid=LMS-APP2launch_presentation_css_url=https://lms.brocku.ca/library/skin/default/tool.csslaunch_presentation_locale=en_USlaunch_presentation_return_url=https://lms.brocku.ca/imsblis/service/return-url/site/Mikes_Test_Courselis_person_contact_email_primary=mbrousseau@brocku.calis_person_name_family=Brousseaulis_person_name_full=Michael Brousseaulis_person_name_given=Michaellis_person_sourcedid=mbrousseaulti_message_type=basic-lti-launch-requestlti_version=LTI-1p0oauth_callback=about:blankoauth_consumer_key=47ydhsg6d5taycbdgfoauth_nonce=18346351683108960oauth_signature=ela19juj55e7q1n0slf594f7/V4=oauth_signature_method=HMAC-SHA1oauth_timestamp=1401478569oauth_version=1.0resource_link_description=Kaltura Categoriesresource_link_id=cd52ed80-ccdd-4781-9e6e-5c19c0aca6d2resource_link_title=Kaltura Categoriesroles=Instructor,Administrator,urn:lti:instrole:ims/lis/Administrator,urn:lti:sysrole:ims/lis/Administratortool_consumer_info_product_family_code=sakaitool_consumer_info_version=2.9-SNAPSHOTuser_id=c43a6cbc-bc94-4f6d-acca-c980ef37cb9cuser_image=https://lms.brocku.ca/direct/profile/c43a6cbc-bc94-4f6d-acca-c980ef37cb9c/image
In Sakai 2.9.3 using the LTI 1.1 Spec
Tony Hisgett - Vortex - https://flic.kr/p/2TFRT4
Message Signingoauth_consumer_key=47ydhsg6d5taycbdgf - Agreed plain-text shared keyoauth_nonce=18346351683108960 - Unique value to ensure unique connectionsoauth_signature=ela19juj55e7q1n0slf594f7/V4 - Consumer computed signatureoauth_signature_method=HMAC-SHA1 - Signature hashing methodoauth_timestamp=1401478569 - Signature timestampoauth_version=1.0 - The version of OAuth used
● Check for the agreed key● Record nonce and compare against stored nonces● Check timestamp is within a reasonable window (IMS suggests 90 minutes)● Generate signature based on hashing method (with key and secret) and compare with sent
signature
Oliver Tacke- checked_tick - https://flic.kr/p/jBYsvd
● context_id=Mikes_Test_Course - The name of the course site launching the tool● [email protected] - User’s email● lis_person_name_family=Brousseau - User’s last name● lis_person_name_full=Michael Brousseau - User’s full name● lis_person_name_given=Michael - User’s first name● lis_person_sourcedid=mbrousseau - User’s username● roles=Instructor,Administrator - User’s role in the consumer● oauth_consumer_key=47ydhsg6d5taycbdgf - Agreed plain-text shared key
Basic Info for a Simple Tool
Who they are, what they’re doing here and if they’re allowed to be here.
Basic PHP<?php
require_once 'ims-blti/blti.php'; //Make sure you include the LTI library
(http://developers.imsglobal.org/imsphpexample.zip)
$lti_auth = array('key' => 'key', 'secret' => 'secret'); //The LTI credentials as we know them
$context = new BLTI('secret', false, false); //Build the LTI object with the credentials as we know them
if ($context->info['oauth_consumer_key'] == $lti_auth['key']){ //Check if the correct key is being sent
if ($context->valid ){ //Make sure our LTI object's OAuth connection is valid
echo 'Valid LTI Connection. Output passed data:';
echo '<pre>',print_r($context->info),'</pre>'; //Print out the
passed data
}
else{ //We already checked the key so it's likely the user is using the wrong secret to generate their OAuth
object
echo "Bad OAuth. Probably sent the wrong secret";
}
}
else{ //Wrong key
echo "Wrong key passed";
}
?>
Basic Ruby#Need the basic rubygems and the sinatra gems (for this example) #We must include the ims/lti and OAuth gems (regardless of
environment)
require 'rubygems'
require 'sinatra'
require 'ims/lti'
require 'oauth/request_proxy/rack_request'
lti_auth = {"key" => "key", "secret" => "secret"} #LTI key and secret hash declaration
post '/' do #Define index path in Sinatra
if lti_auth["key"] == params[:oauth_consumer_key] #Check if the correct key is being sent
provider = IMS::LTI::ToolProvider.new(lti_auth["key"], lti_auth["secret"], params) #Build our LTI object with our credentials
if provider.valid_request?(request) #Make sure our LTI object's OAuth connection is valid
"Successful LTI connection made. Here's what we got: <br /><hr />" +params.inspect
else #We already checked the key so it's likely the user is using the wrong secret to generate their OAuth object
"Bad OAuth. Probably sent wrong secret"
end
else #Wrong key
"Wrong key passed"
end
end
Example LTI Apps (built at Brocku)
Etherpad Request Facility
Library Research Guides by Subject
Google maps with custom marker placed by students
Example LTI Apps (Commercial)
Piazza
Via: https://gigaom2.files.wordpress.com/2012/01/piazzascreenshot.jpg
EBSCO Reading List
LTI App Store - Edu Apps
http://www.edu-apps.org/index.html
More?
http://developers.imsglobal.org/ - IMS Standards
http://www.dr-chuck.com/csev-blog/ - Dr. Chuck
http://www.edu-apps.org/code.html - Basic Coding
Thanks
Email: [email protected]
Twitter: @mcbrousseau
GitHub: https://github.com/kingmook
Web: michaelbrousseau.ca