LTI consumer users are free to explore provider site

Re: LTI consumer users are free to explore provider site

by Tansu PANCAR -
Number of replies: 2

Hello Eric,

Today I noticed a scenario similar to what you mentioned.

Case 1:

LTI Provider: Moodle 3.5.2

LTI Consumer: Moodle 3.5.2

I shared a specific content (not the whole course)

The navigation is normal, when I access from LTI Consumer, the content on LTI Provider is opened and no blocks from the provider is shown.

When I shared the whole course, I can see the navigation blocks from Provider Moodle and navigate between different activities.

Case 2

LTI Provider: Moodle 3.5.2

LTI Consumer: Open EdX

I shared a specific content (not the whole course)

There is no problem at the login and the content from Moodle is shown in the consumer side, but the navigation blocks from the moodle are also shown, and the user can navigate in the menu and between blocks, as if all course is shared:

Does anyone experience similar issue? Especially with Open Edx or other non-Moodle platform as LTI Consumer?

Regards,

Tansu

Average of ratings: -
In reply to Tansu PANCAR

Re: LTI consumer users are free to explore provider site

by Maxime Taisne -

Hi,

I've been playing around with LTI publication and consumption lately and here is what I noticed.

When Moodle is an LTI provider, it will display contents using an embedded template (i.e. with no navigation whatsoever). This applies only for users with the student role on the consumer LMS, not for teachers (and higher roles) who will see the full navigation.

To disable the navigation for everyone, 'force_embed=1' must be added as a custom parameter on the consumer system. I could confirm on the LTI test tools: http://lti.tools/saltire

I couldn't find a way to force this form the provider Moodle, which is a pity in my opinion.

Cheers,
Max

Average of ratings: Useful (2)
In reply to Maxime Taisne

Re: LTI consumer users are free to explore provider site

by Brian Merritt -
Picture of Particularly helpful Moodlers
Hi all

Is it worth adding this as a tracker for Moodle? Expected behaviour as an LTI provider is to

1. The Moodle LTI provider to have an option to force embed (needed both when sharing a course and when users are higher in privilege than student)
2. LTI consumer user should not be able to see "the rest of the site"
Average of ratings: -