Moodle support for LTI postmessage

Moodle support for LTI postmessage

Tom Doesburg -
回帖数:3

We have build a cookieless LTI using the LTI postmessage spec. https://www.imsglobal.org/spec/lti-pm-s/v0p1
We use this for LTI authentication when users use Safari or do not accept 3rd party cookies. This works fine in Brightspace, but it doesnt seem to work out of the box in Moodle.

After some digging I found https://tracker.moodle.org/browse/MDL-72022. So apparently Moodle does not support this yet.

Is there an estimation when this is coming?
This might become problematic quite soon when Chrome decides to stop just warning and start enforcing 3rd party cookie limitations.

平均分: -
回复Tom Doesburg

Re: Moodle support for LTI postmessage

Brett Dalton -
Moodle HQ的头像 Particularly helpful Moodlers的头像

There is currently a large piece of work to migrate the LTI implementation into a core subsystem from being a module.  This is targeted for Moodle 5.0. The cookie shim work can't be done until this is complete but given the move toward blocking cookies for a number of browsers it will likely be looked at mid next year.

平均分: -
回复Tom Doesburg

Re: Moodle support for LTI postmessage

Jake Dallimore -
Core developers的头像 Moodle HQ的头像 Particularly helpful Moodlers的头像 Peer reviewers的头像 Plugin developers的头像 Testers的头像
Hi Tom,

I'd just like to point out that, right now, that's not strictly a blocker to tool use in Safari. Of course if you've built the tool around that spec, then it is. Ideally, you'd be able to support the Storage Access API (https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API) to include users in the process and allow them to opt in to the cookie storage, and you'd be fine without the need for any optional specs like this.

Also, the Google/Chrome situation is a bit of a mess, yes, but also not a blocker at present. They've recently changed tack and left behind their original plans but haven't yet, afaik, provided any clear path forward. Right now, however, CHIPS works fine and allows embedded tools.
平均分: -
回复Jake Dallimore

Re: Moodle support for LTI postmessage

Tom Doesburg -
Hi Brett, Jake,

I understand that there are different options for chrome, but the reason for the LTI spec existing is of course that you can implement the spec and that it then works safely in all platforms that support it. So we're not really keen to create a separate implementation for Moodle. I think for now we'll need to accept that safari is not support on moodle for the time being.
平均分: -