yesod-auth-lti13

A plugin using https://hackage.haskell.org/package/lti13 to implement IMS Global LTI 1.3 authentication for yesod-auth.


Keywords
library, web, yesod
License
LGPL-3.0-only
Install
cabal install yesod-auth-lti13-0.3.0.0

Documentation

lti13

This is a minimal implementation of LTI 1.3 authentication for Haskell. It supports performing LTI launches and getting most of the interesting fields of the resource link request.

Development setup

Conventions: lines entered in a regular shell start with $. Lines that go in a nix-shell shell start with [nix-shell]$.

This project provides Nix files for your convenience in creating a working development environment. If you would like to install Nix, there is a guide in the official documentation.

We provide haskell-language-server in our nix-shells.

$ nix-shell
# now you can run commands such as:
[nix-shell]$ cabal new-build all
[nix-shell]$ cabal repl
[nix-shell]$ hoogle server

If the LTI-RI gets broken again

See ./referencetool for details on how to set it up again.

TODOs

  • We are not compliant with LTI 1.3 § 5.1.1.5, which requires redirecting failing authentications to the provider. Client code can probably make this happen, but we just throw an exception.
  • We should probably catch exceptions in our Yesod provider before they force client code to return a 500. Maybe translate them to 401s.
  • We are not checking that the target_link_uri in initiate is the same as the one in the token. The spec requires this check, but it is not used during the auth process, and the value from initiate is untrusted and not given to client code anyway, so this is not a big problem.
  • We should probably provide a method to decode the JWK blob our users are expected to store and/or support calling back to the Provider API ourselves.

Project Information

This codebase is licensed under the GNU LGPLv3 license.

This project has adopted a Code of Conduct based on the Contributor Covenant.