WeBWorK Main Forum

LTI 1.3 from Moodle is sending hashed data for some fields

LTI 1.3 from Moodle is sending hashed data for some fields

by Sean Fitzpatrick -

This is not a breaking issue, but a bit of a curiosity/annoyance:

When students click on an LTI 1.3 link, their account is created. (Yay!)

First name, last name, login name, email address, and permission level are all set correctly.

But they are also getting a value for "Section" that looks like a long hash in hexadecimal, like b45ac84e-f8bc-480d-9632-98378f072baf.

Not a big deal, since it's just clutter, but odd nonetheless. Is there an easy way to have WeBWorK ignore this?

LTI 1.3 from Moodle is sending hashed data for some fields

by Glenn Rice -
LTI 1.3 uses the course_section_sourcedid sub key of the https://purl.imsglobal.org/spec/lti/claim/lis key in the JWT claims for the section. LTI 1.1 uses the context_label parameter for this.

Unfortunately, there isn't a direct option for this for either of the LTI versions. However, you can use the modify_user method to delete that or set it to another claim if you want. For example,
 
$LTI{v1p3}{modify_user} = sub {
    my ($self, $user) = @_;
    delete $user->{section};
};
would delete the section so it wouldn't be set for the users.  Add that to conf/authen_LTI_1_3.conf (or a course.conf file for a specific course).

LTI 1.3 from Moodle is sending hashed data for some fields

by Sean Fitzpatrick -
Thanks. One of the things that Moodle does poorly is section management for multi-section courses. (I'd go so far as to suggest this doesn't exist. Or if it does, our IT doesn't support it.) We get separate Moodle pages created for each section we teach; in a multi-section course, if all instructors agree to coordination, we have to jointly submit a special request to create a meta-course that pulls in all the sections, but within that there is no means of sorting by section.

So probably it makes sense to delete the section data.