We would like to receive technical advice regarding Moodle LMS.
We have an LTI tool, which runs on the different LMS courses and the tool has been using LTI 1.0/1.1 NOT 1.3.
The tool basically scans all the course files and downloads them when needed.
In our current implementation, we have a static token generated for the service and a user in the system context and we send the static token to call the Moodle REST APIs to scan the course files.
In this implementation, the tool can handle only Date access restriction and not the other access restriction such as Activity completion, Grade, Group, User profile and so on. The reason behind this is that the token used to access the Moodle REST APIs is a static stored token of the service user instead of an individual logged in user’s token.
It quite easy to generate an access token for individual logged in user in case of other LMS such as Canvas, Blackboard Learn, Sakai, Desire2Learn, but in the case of Moodle we didn’t find an easy way.
One way to get a token for the individual user’s token for the service is to call the API and pass a username and password of the logged in user.
But in this way, a logged in user needs to provide a username and password in our LTI’s form to generate a token for the user and I think this is not a standard way because the user is already logged in the Moodle LMS and the user doesn't want to provide Moodle credentials to any external tool.
Is there a way to generate the token for the service for the logged in user without providing username and password?