Configure Client-ID and consumerkey256

Configure Client-ID and consumerkey256

by Tim Volckmann -
Number of replies: 10

Hi every1,

we're trying to use Moodle as LTI provider. In our demo course we added the enrolment method and published the course as LTI module. So far, so good. In the other LMS, we're using the client secret and the url's we got from Moodle, but there's already one problem... The "Client ID" is a required field for the LTI configuration in the other LMS. So the question is, how can I configure the "Client ID" in Moodle? In the docs, it says that the "Client ID" can be anything or simply empty. But when we set it to anything, we're getting an error because of an invalid signature. So the first question is, how can we configure the client id used in Moodle?

When we leave the "Client ID" blank in the other system, we cannot save/add the configuration, but we can test it and it seems that the signature correct now. Unfortunately, now we're getting another error when writing to database because "consumerkey256" (and also consumerkey) is null:


So the question is, what's going wrong here? Do I need to configure the "consumerkey256" / "consumerkey" anywhere in Moodle? We're using Moodle 3.9 and LTI-1p0 (because in LTI-1p1 we're getting an error that the version number is missing or invalid).

Average of ratings: -
In reply to Tim Volckmann

Re: Configure Client-ID and consumerkey256

by Jake Dallimore -
Picture of Core developers Picture of Moodle HQ Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Tim,

Sorry to hear you're having trouble. First up, you definitely need the client id, so you should be entering that in the remote LMS. Moodle just takes any client id passed in and keeps a record of it. You can use any string you like. It's up to you. If you had multiple clients, you'd probably use different strings for each, for example.

Then, it's just a matter of why you're not getting the launch to work (you mentioned a signature issue). Which URLs are you using? Have you copied the secret exactly into the LMS platform? If you could please attach a trace of the error you're seeing in that circumstance, that'd be helpful.

Cheers,
Jake
Average of ratings: -
In reply to Jake Dallimore

Re: Configure Client-ID and consumerkey256

by Tim Volckmann -
Hi Jake,

thank you for your answer. When we set it to any Client ID, yes... we're getting an error because of invalid signature. Only one external system is connected/using the Url's generated by Moodle. We configured the "Client ID" and set it to anything like "test" or "demo". The "Client Secret" is as provided by Moodle ("06Mzcj..." - you can find it in the error message shown above). The "Access URL" is "https:///enrol/lti/tool.php?id=3" and the "Authentication Method" is set to "OAuth1-SHA1".
Average of ratings: -
In reply to Tim Volckmann

Re: Configure Client-ID and consumerkey256

by Jake Dallimore -
Picture of Core developers Picture of Moodle HQ Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Tim,

Ok, you're using the correct URL and the rest looks okay too.

Troubleshooting invalid signatures for this kind of thing can be tricky, which is why I asked for a specific trace. Can you please attach the exact stack trace which contains the wording "Invalid signature" (which resulted from sending a valid client id). The above example doesn't show this and relates to the case where you omitted the client id.

Thanks
Average of ratings: -
In reply to Jake Dallimore

Re: Configure Client-ID and consumerkey256

by Tim Volckmann -
Hi Jake, unfortunately I'm not getting any stack trace. What I get is the following:


Average of ratings: -
In reply to Tim Volckmann

Re: Configure Client-ID and consumerkey256

by Jake Dallimore -
Picture of Core developers Picture of Moodle HQ Picture of Peer reviewers Picture of Plugin developers Picture of Testers
I'd suggest trying one of the following:
a) Set the custom launch param "custom_debug=true" (set this in the LMS)
b) Enable developer debugging on the Moodle site.

That may give you some more useful information to work with. Worth also checking that both tool/platform are using the same time. If the time is out, signature verification can fail.
Average of ratings: -
In reply to Jake Dallimore

Re: Configure Client-ID and consumerkey256

by Tim Volckmann -
Where do I need to set the "custom_debug=true" in the LMS? I can set it in the other LMS as parameter...

Developer debugging is already enabled on Moodle side.
Average of ratings: -
In reply to Tim Volckmann

Re: Configure Client-ID and consumerkey256

by Jake Dallimore -
Picture of Core developers Picture of Moodle HQ Picture of Peer reviewers Picture of Plugin developers Picture of Testers
If you've already set developer debugging, then that's all you should need to do (it'll have the same effect as sending that launch param). Unfortunately, all of this code is very difficult to debug in situations such as this without actively stepping through the launch with something like xdebug - which may or may not be an option for you. If you can, I'd recommend doing that. We essentially want to pinpoint exactly why the signature verification fails.

Unfortunately, there's not a lot else i can suggest right now from here. I'd also be checking that the other platform is trying to launch into the tool using 1.1, and isn't trying via a newer method like 1.3.
Average of ratings: -
In reply to Jake Dallimore

Re: Configure Client-ID and consumerkey256

by Tim Volckmann -
The other platform is using LTI 1.0 (see the "litversion"-entry in the error message above).

We set the "custom_debug=true", but unfortunately we're not getting any trace, but in Moodle the debug level is set to "Development" and also "Debug messages" are enabled. Any other idea?
Average of ratings: -
In reply to Tim Volckmann

Re: Configure Client-ID and consumerkey256

by Jake Dallimore -
Picture of Core developers Picture of Moodle HQ Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Nothing I can suggest I'm afraid. Maybe if you share details about what platform you're trying to integrate with, others will be able to add their 2c. Maybe someone else has run into a similar issue with that specific platform. Like i said, signature verification can be tricky to debug and is something you really need access to the servers to step through in cases like this.
Average of ratings: -
In reply to Jake Dallimore

Re: Configure Client-ID and consumerkey256

by Tim Volckmann -

Hi Jake,

I'm trying to "integrate" Moodle with SABA. Moodle is the provider and SABA the consumer, but I've no access to the SABA servers. So I cannot check anything on SABA end, but on Moodle end. But unfortunately I'm not getting any debug information or any stack trace in Moodle - even if I enable debugging and also set custom_debug to true 🤔

Average of ratings: -