Clarification on external tool launch flow

by Paul Tyson -
Number of replies: 3

We're implementing an LTI-compliant tool. We don't have any experience with Moodle or LTI, but do know about various OIDC authentication flows.

Does the Moodle external tool launch flow look like Figure 7 in the LTI security spec? The end user (who has presumably authenticated with Moodle) will be prompted again to login at the tool using Moodle as the OIDC provider. Then Moodle will construct an id_token with complete launch parameters and send to the tool.

If this isn't right, can you describe the flow in some technical detail? Or point to any Moodle technical documentation describing the LTI integration.

In reply to Paul Tyson

Re: Clarification on external tool launch flow

by Tim Hunt -
Note that LTI is a standard that can be used to launch a tool from any LMS. So, you should not ask "Does Moodle ...", you should ask "Does the tool consumer ...".

Of course, Moodle is free, so I guess it is a useful option to test the tool you are developing with.

The whole point of LTI is that the user will not be prompted again to log in. It should appear seamless.

My suggestion to help you understand this is to find an existing (free) LTI tool, and connect it to a test Moodle install (you could use the test site at https://sandbox.moodledemo.net/). Then go in as a student and launch the tool, while watching the Network tab in the web browser developer tools. That will show you what the launch is.

I don't know of a good free LTI tool to recommend for testing this, but while I was searching for one, I found this, which might be helpful: https://github.com/SanDiegoCodeSchool/lti-node-example
In reply to Paul Tyson

Re: Clarification on external tool launch flow

by John Doyle -
Building on Tim's tips:
  • Yes, Moodle follows the auth flow in the spec you referenced
  • Yes, the user is typically already authenticated/logged-in on the Moodle/platform side when using an LTI tool (external tool) and it isn't common for the user to manually login to the tool separately as part of the LTI 1.3/OIDC flow
    • The tool still controls what's required after successful LTI auth in order to interact with the requested tool resources/content/etc.
    • Example: the LTI resource request sent after the LTI auth will include user data. This data can be used to create a user account on the tool side, lookup/find an existing user, assign the right role/capabilities to a user, etc. But perhaps something else is required, like tool-specific profile info or a tool-specific code to access a resource, before the resource can be served. The tool would handle these situations with direct user interaction.
  • Even with the public standard/specs, a tool can't assume every standard LTI 1.3 request or situation will be handled perfectly by every platform, even when the intent is there. Sometimes there's a tool issue, sometimes a platform issue.
    • Suggestion: Test the tool on multiple platforms before a prod launch - or at least test it on the platform(s) your customers/prospects will be using most frequently - Moodle, Canvas cloud or community, D2L/Brightspace, Schoology, Blackboard, etc.
  • Any mention above of platform = LTI tool consumer, but not OAuth/OIDC consumer. LTI 1.1 uses tool consumer, 1.3 uses platform to avoid conflict with the OAuth/OIDC consumer - more info here

Hope it goes well!

In reply to John Doyle

Re: Clarification on external tool launch flow

by Paul Tyson -
Tim and John, thanks for the helpful replies.

We use Spring Security framework to implement authentication. In our use cases so far we haven't needed the OIDC implicit flow, and it looks like Spring6 has removed support for it.
 
It seems like supplying a bearer token in the Authorization header of the tool launch request would be the cleanest way to do this, but the LTI specs don't mention this (that I've found).
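The flow John's bullets summarize and Paul's bearer-token question both concern the same exchange. In the LTI 1.3 core spec the platform first redirects the browser to the tool's login-initiation URL, the tool sends the browser on to the platform's authorization endpoint with `prompt=none` (which is what makes the launch seamless for an already-logged-in user), and the platform then POSTs the `id_token` as a form field (`response_mode=form_post`) to the tool's launch URL, not in an `Authorization` header. The following is an added example written for this thread, not code from Moodle, the spec or any LTI library: a stdlib-only Python walk-through of those three steps from the tool's side. The issuer, endpoints, client id, deployment id, resource-link id and student record are all constructed, and a demo-only HS256 secret stands in for the RS256/JWKS signature check a real tool performs with a JOSE library; the claim checks (state, issuer, audience, validity window, single-use nonce, message type, version, deployment) are the ones that matter regardless of algorithm.

```python
"""LTI 1.3 launch as a tool sees it: OIDC login initiation, then an id_token POSTed back (form_post)."""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample registration data (hypothetical platform and tool, not a real deployment).
PLATFORM_ISSUER = "https://platform.example.edu"
PLATFORM_AUTH_ENDPOINT = "https://platform.example.edu/mod/lti/auth.php"
TOOL_CLIENT_ID = "client-abc123"                  # issued to the tool at registration
TOOL_LAUNCH_URL = "https://tool.example.com/lti/launch"
DEPLOYMENT_ID = "1"
LTI = "https://purl.imsglobal.org/spec/lti/claim/"  # prefix of the LTI claim names
# Demo-only HS256 secret so the block runs offline. Real platforms sign with RS256 and the
# tool verifies against the platform's JWKS URL with a JOSE library; the claim checks are the same.
DEMO_SIGNING_KEY = b"demo-only-shared-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def jwt_sign(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def jwt_verify(token: str) -> dict:
    """Check alg and signature before trusting any claim."""
    header, payload, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(DEMO_SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload))

# Step 1 (tool): the platform redirects the browser to the tool's login-initiation URL.
def tool_handle_login_initiation(params: dict, session: dict) -> str:
    if params.get("iss") != PLATFORM_ISSUER:
        raise ValueError("unknown issuer")
    if params.get("target_link_uri") != TOOL_LAUNCH_URL:
        raise ValueError("target_link_uri is not one of ours")
    session["state"] = secrets.token_urlsafe(32)   # bound to this browser session (CSRF check later)
    session["nonce"] = secrets.token_urlsafe(32)   # must come back inside the id_token
    query = {"scope": "openid", "response_type": "id_token",
             "response_mode": "form_post",   # id_token is POSTed as a form field, not a header
             "prompt": "none",               # user is already logged in at the platform: no login UI
             "client_id": TOOL_CLIENT_ID, "redirect_uri": TOOL_LAUNCH_URL,
             "login_hint": params["login_hint"], "lti_message_hint": params.get("lti_message_hint", ""),
             "state": session["state"], "nonce": session["nonce"]}
    return PLATFORM_AUTH_ENDPOINT + "?" + urlencode(query)

# Step 2 (platform, simulated): the already-authenticated user is sent back with an id_token.
def platform_issue_form_post(auth_url: str, user: dict, now: int) -> dict:
    q = {k: v[0] for k, v in parse_qs(urlsplit(auth_url).query).items()}
    claims = {"iss": PLATFORM_ISSUER, "sub": user["id"], "aud": q["client_id"],
              "iat": now, "exp": now + 300, "nonce": q["nonce"],
              LTI + "message_type": "LtiResourceLinkRequest", LTI + "version": "1.3.0",
              LTI + "deployment_id": DEPLOYMENT_ID, LTI + "target_link_uri": q["redirect_uri"],
              LTI + "roles": user["roles"], LTI + "resource_link": {"id": "rl-42"}}
    return {"id_token": jwt_sign(claims), "state": q["state"]}   # the POSTed form body

# Step 3 (tool): the launch endpoint validates the POSTed id_token before serving anything.
def tool_handle_launch(form: dict, session: dict, now: int) -> dict:
    if not hmac.compare_digest(form.get("state", ""), session.get("state", "")):
        raise ValueError("state mismatch (CSRF or stale session)")
    claims = jwt_verify(form["id_token"])
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if claims["iss"] != PLATFORM_ISSUER or TOOL_CLIENT_ID not in aud:
        raise ValueError("issuer/audience mismatch")
    if not (claims["iat"] - 60 <= now < claims["exp"]):
        raise ValueError("token outside its validity window")
    if claims["nonce"] != session.pop("nonce", None):   # pop: a nonce is single-use, so replays fail
        raise ValueError("nonce mismatch or replay")
    session.pop("state", None)
    if claims[LTI + "message_type"] != "LtiResourceLinkRequest" or claims[LTI + "version"] != "1.3.0":
        raise ValueError("unsupported LTI message")
    if claims[LTI + "deployment_id"] != DEPLOYMENT_ID:
        raise ValueError("unknown deployment")
    return {"user_id": claims["sub"], "roles": claims[LTI + "roles"],
            "resource_link": claims[LTI + "resource_link"]["id"], "form_fields": sorted(form)}

def run_launch_demo(now: int = 1_700_000_000) -> dict:
    """Drive the three steps end to end for a constructed student; returns what the tool learned."""
    session = {}   # stands in for the tool's cookie-backed browser session
    auth_url = tool_handle_login_initiation({"iss": PLATFORM_ISSUER, "login_hint": "7",
                                             "target_link_uri": TOOL_LAUNCH_URL}, session)
    form = platform_issue_form_post(auth_url, {"id": "7", "roles": [
        "http://purl.imsglobal.org/vocab/lis/v2/membership#Learner"]}, now)
    return tool_handle_launch(form, session, now)

if __name__ == "__main__":
    print(json.dumps(run_launch_demo(), indent=2))
```

Run it directly to see the launch result the tool ends up with: the only two fields that reach the launch URL are `id_token` and `state`, and everything the tool knows about the user comes from validated claims inside the token. Because the tool pops the nonce and state from the session on first use, submitting the same form body a second time is rejected, which is the replay protection the spec expects the tool to provide; the session itself is where a framework like Spring Security would keep these values between the two requests.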