We are still on Moodle 3.11.9 until later in November, although we have patched our servers recently. We are experiencing errors related to the MDL-77077 tracker item. On our servers it appears that the 3rd party library of Firebase was upgraded to version 6.6 - which has a new parameter 'alg'. And while a good chunk of our LTI tools work just fine, a few do not. They throw errors on trying to parse the keyset.
We cannot upgrade production at this point, it's less than a week until our fall term starts. Is it reasonable to downgrade the Firebase JWT library to a version before they introduced this new parameter? What version would that be?
Hi Carly,
The php-jwt library included in lib/php-jwt needs to be version 5.2.0 on Moodle 3.11.x. We ship that specific version and all bets are off if sites change/upgrade that.
MDL-77077 is an issue that relates only to 4.0+ versions of Moodle, since 3.11.x doesn't have the LTI 1.3 provider yet.
Hope that helps,
Jake
The php-jwt library included in lib/php-jwt needs to be version 5.2.0 on Moodle 3.11.x. We ship that specific version and all bets are off if sites change/upgrade that.
MDL-77077 is an issue that relates only to 4.0+ versions of Moodle, since 3.11.x doesn't have the LTI 1.3 provider yet.
Hope that helps,
Jake
Hi Carly,
The person who made that change know the details of that better than I. There may have been some third party piece of code that needed the upgrade - I'm really just guessing though. All I can say is that installations shouldn't be changing the versions of these shipped libraries. We test each release with the shipped version and can make no guarantees about the state of things should that version be changed.
Cheers,
Jake
The person who made that change know the details of that better than I. There may have been some third party piece of code that needed the upgrade - I'm really just guessing though. All I can say is that installations shouldn't be changing the versions of these shipped libraries. We test each release with the shipped version and can make no guarantees about the state of things should that version be changed.
Cheers,
Jake