I have created a simple 'hello-world' web app using the express.js framework.
I want the app to be IMS-LTI compliant so that Moodle and other Learning Management Systems can launch it as an external tool.
However, I do not understand how to authenticate the LTI launch in my app (it uses OAuth), and I cannot find any express.js/node.js examples of how it's done either. I see that a passport-lti node module exists (https://www.npmjs.org/package/passport-lti), but as a noob with node I just don't understand the sparse documentation.
I have used passport.js to create local authentication using this video (https://www.youtube.com/watch?v=twav6O53zIQ). I was hoping for similar help for the LTI launch authentication...
Any help is appreciated.
Cheers, Ollie
When an LTI Tool Consumer (i.e. an LMS) launches an LTI Application (Tool Provider), the LTI Tool is sent an HTTP POST.
In order to authenticate that the post is legitimate, you need to verify that the post variable 'oauth_signature' is valid by recomputing the signature locally using the shared secret key that you exchanged with the Tool Consumer when the LTI tool was configured.
The act of verifying the OAuth signature is likely handled by an OAuth library. Node.js already has these, so please don't reimplement one.
You can read the full process of validating the launch request in the IMS Global documentation.
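The signature check described above, written out with Node's built-in `crypto` module to show what an OAuth 1.0 library does for an LTI 1.x launch. This is an added example, not part of the original answer; the key, secret, URL and launch fields are constructed, the launch URL is assumed to have no query string, and nonce replay tracking is left out.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding as OAuth 1.0 requires (RFC 5849, section 3.6).
function enc(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}
const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// Recompute the HMAC-SHA1 signature over the method, URL and every POST
// parameter except oauth_signature itself.
function signLaunch(method, url, params, secret) {
  const normalized = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(p => p.join('=')).join('&');
  const base = [method.toUpperCase(), enc(url), enc(normalized)].join('&');
  // An LTI launch has no token secret, so the key ends with a bare '&'.
  return crypto.createHmac('sha1', enc(secret) + '&').update(base).digest('base64');
}

// Accept the launch only if the method is HMAC-SHA1, the timestamp is fresh
// and the recomputed signature matches (constant-time comparison).
function verifyLaunch(method, url, params, secret, nowSec, maxSkewSec = 300) {
  if (params.oauth_signature_method !== 'HMAC-SHA1') return false;
  const ts = Number(params.oauth_timestamp);
  if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > maxSkewSec) return false;
  const expected = Buffer.from(signLaunch(method, url, params, secret));
  const given = Buffer.from(String(params.oauth_signature || ''));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Constructed sample launch, signed here the way a Tool Consumer would sign it.
const SECRET = 'constructed-shared-secret';
const LAUNCH_URL = 'https://tool.example.com/lti/launch';
const launch = {
  lti_message_type: 'basic-lti-launch-request',
  lti_version: 'LTI-1p0',
  resource_link_id: 'constructed-link-1',
  oauth_consumer_key: 'constructed-key',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: '1700000000',
  oauth_nonce: 'constructed-nonce',
  oauth_version: '1.0',
};
launch.oauth_signature = signLaunch('POST', LAUNCH_URL, launch, SECRET);
console.log(verifyLaunch('POST', LAUNCH_URL, launch, SECRET, 1700000010));
```

In an express.js route the parameters would come from the parsed form body of the POST, and the secret would be looked up by `oauth_consumer_key`.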