Sharebar?

Database model example?

Database model example?

The LTI 1.3 PHP library and example tool are extremely helpful, but the fake database in the example tool and file-based cache the library uses has left me wanting more. Being new to the OIDC workflow, I could really use an example of a best-practices database model for storing issuers/clients, deployments, and caching keys.

If anyone has a model they're willing to share, or knows of another project that has a model I could borrow from, that'd be much appreciated.

Related, I'm confused a bit by how to implement the find_registration_by_issuer method required for the LTI\Database. As part of the return it's supposed to set_kid($kid), but isn't the $kid part of the launch data? How is the function getting that information, since the JWT isn't being passed to the function?

Re: Database model example?

The ceLTIc project PHP library for LTI is being updated to add support for LTI 1.3 (just finalising the documentation). It is primarily designed for use by Tools. The main database changes from the current release are to the table holding details of tool consumers and the addition of a table to hold access tokens. For MySQL these changes are:

ALTER TABLE lti2_consumer
ADD COLUMN platform_id VARCHAR(255) DEFAULT NULL AFTER secret,
ADD COLUMN deployment_id VARCHAR(255) DEFAULT NULL AFTER platform_id,
ADD COLUMN authorization_server_id VARCHAR(255) DEFAULT NULL AFTER deployment_id,
ADD COLUMN authentication_url VARCHAR(255) DEFAULT NULL AFTER authorization_server_id,
ADD COLUMN access_token_url VARCHAR(255) DEFAULT NULL AFTER authentication_url,
ADD COLUMN public_key text DEFAULT NULL AFTER signature_method,
ADD COLUMN jku VARCHAR(255) DEFAULT NULL AFTER pem_key;

ALTER TABLE lti2_consumer
DROP INDEX lti2_consumer_consumer_key_UNIQUE,
ADD UNIQUE INDEX lti2_consumer_consumer_key_UNIQUE (consumer_key ASC, platform_id ASC, deployment_id ASC);

CREATE TABLE lti2_access_token (
consumer_pk int(11) NOT NULL,
scopes text NOT NULL,
token varchar(2000) NOT NULL,
expires datetime NOT NULL,
created datetime NOT NULL,
updated datetime NOT NULL,
PRIMARY KEY (consumer_pk)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

ALTER TABLE lti2_access_token
ADD CONSTRAINT lti2_access_token_lti2_consumer_FK1 FOREIGN KEY (consumer_pk)
REFERENCES lti2_consumer (consumer_pk);

I'd also be interested in seeing other examples.

Re: Database model example?

Apologies, the reference to "pem_key" in my previous message should have read "public_key".

I attached a DB model Martin

I attached a DB model Martin made for a presentation, he's the one who created that PHP library. It doesn't cover caching keys, but it has the models for how you might store your own keypairs.

I haven't looked at the details of how that library works so I can't answer the question about how it works.

 

 

Hi Bracken. I am getting a

Hi Bracken. I am getting a "403 Forbidden" response when I try to access your attachment even though I am logged into the website. Please can you investigate.

Also, how come your reply to this post has appeared on the forum but not the two replies I submitted before you?

Thanks.

Sorry, David, it looks like

Sorry, Stephen, it looks like the forum is requiring approval of comments right now and so these comments were delayed.
I'm not sure about why you're not allowed to see the image either, I'll see if I have any permission settings to change.

You can see it in this presentation in the second half: https://github.com/IMSGlobal/ltibootcamp/blob/master/europe_tech_2020/IMS%20Europe%20Bootcamp.pdf

Re: DB model

Thanks for the link to the database model. I see that it contains a table for registrations and one for deployments. However, since the client ID is not guaranteed to be present in the initiate login request message, would the platform_login_auth_endpoint value not be related just to the issuer, rather than to the combination of issuer and client_id? This would suggest the need for a clients table as well, or are you suggesting enforcing this via a unique index? Thanks.

As part of the return it's

As part of the return it's supposed to set_kid($kid)

The KID that you are setting here is the tool's KID for the tool JWKS URL. If you are not using a JWKS, but instead just using a single JWK, then you can enter anything as your KID. Sorry, I should really have done something to make this clearer.

As for the fake database in the PHP example, i did have plans to add an example using a real database with the docker-compose, i just haven't gotten round to doing that yet

TAO LTI 1.3 PHP framework

A bit late to reply to this topic, but we released the TAO LTI 1.3 PHP framework:

  • Covers LTI advantage needs for both platform and tool sides
  • Open source
  • IMS certified

Feel free to take a look :) 

TAO LTI 1.3 PHP framework

A bit late to reply to this topic, but we released the TAO LTI 1.3 PHP framework:

  • Covers LTI advantage needs for both platform and tool sides
  • Open source
  • IMS certified

Feel free to take a look :)