LTI 1.3 JWT error on Moodle 3.11.9

LTI 1.3 JWT error on Moodle 3.11.9

Carly Born -
回帖数:4
We are still on Moodle 3.11.9 until later in November, although we have patched our servers recently.  We are experiencing errors related to the MDL-77077 tracker item.  On our servers it appears that the 3rd party library of Firebase was upgraded to version 6.6 - which has a new parameter 'alg'.  And while a good chunk of our LTI tools work just fine, a few do not.  They throw errors on trying to parse the keyset.

We cannot upgrade production at this point, it's less than a week until our fall term starts.  Is it reasonable to downgrade the Firebase JWT library to a version before they introduced this new parameter?  What version would that be?
回复Carly Born

Re: LTI 1.3 JWT error on Moodle 3.11.9

Jake Dallimore -
Core developers的头像 Moodle HQ的头像 Particularly helpful Moodlers的头像 Peer reviewers的头像 Plugin developers的头像 Testers的头像
Hi Carly,

The php-jwt library included in lib/php-jwt needs to be version 5.2.0 on Moodle 3.11.x. We ship that specific version and all bets are off if sites change/upgrade that.

MDL-77077 is an issue that relates only to 4.0+ versions of Moodle, since 3.11.x doesn't have the LTI 1.3 provider yet.

Hope that helps,
Jake
回复Jake Dallimore

Re: LTI 1.3 JWT error on Moodle 3.11.9

Carly Born -
Jake,

Thanks for the response. Do you know if there are any down-sides to trying to downgrade php-jwt?
回复Carly Born

Re: LTI 1.3 JWT error on Moodle 3.11.9

Jake Dallimore -
Core developers的头像 Moodle HQ的头像 Particularly helpful Moodlers的头像 Peer reviewers的头像 Plugin developers的头像 Testers的头像
Hi Carly,

The person who made that change know the details of that better than I. There may have been some third party piece of code that needed the upgrade - I'm really just guessing though. All I can say is that installations shouldn't be changing the versions of these shipped libraries. We test each release with the shipped version and can make no guarantees about the state of things should that version be changed.

Cheers,
Jake
回复Jake Dallimore

Re: LTI 1.3 JWT error on Moodle 3.11.9

Carly Born -
We finally resolved the issue after much time debugging. The php-jwt library was not the issue, instead our security officer was agressive in blocking some traffic.  🤦🏻‍♀️