Security News
JavaScript Leaders Demand Oracle Release the JavaScript Trademark
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Validates and parses LTI launch requests.
With caccl-lti, it's easy to enable LTI launches from Canvas. We'll take care of parsing and verifying the validity of launch requests.
Canvas
App
Complete
Connection
Library
Quickstart:
const initLTI = require('caccl-lti');
initLTI({
app: /* express app with express-sessions enabled */,
installationCredentials: /* { consumer_key, consumer_secret }*/,
});
The app will now be set up to accept LTI launches at /launch
. See "Launch Parsing" below to find info on parsed launches.
When initializing caccl-lti, you can pass in many different configuration options to customize caccl-lti's behavior or turn on/off certain functionality.
Note: configuration options are optional unless otherwise stated
Config Option | Type | Description | Default/Required |
---|---|---|---|
app | express app | express app to add routes to | Required |
installationCredentials | object | LTI consumer credentials of form: { consumer_key, consumer_secret } | Required |
launchPath | string | path to accept launches at (new express POST route added) | /launch |
redirectToAfterLaunch | string | path to redirect to after successful launch | same as launchPath |
nonceStore | NonceStore | a nonce store to use for keeping track of used nonces | memory store |
disableAuthorizeOnLaunch | boolean | if false, redirects to authorizePath after launch is validated and parsed (and includes redirectToAfterLaunch) as the 'next link so that caccl-authorizer redirects to redirectToAfterLaunch after finishing authorization | false |
authorizePath | string | the authorization path (as set up by caccl-authorizer, required if disableAUthorizeOnLaunch is true | null |
Launches are automatically parsed and added to session. To retrieve launch info, see the req.session.launchInfo
variable, which has the following properties:
For more detailed information, see Canvas' LTI documentation.
Property | Type | Description |
---|---|---|
userId | number | Canvas user id of the person who launched the app |
userLoginId | string | Canvas login id (e.g., university id) |
userEmail | string | the user's primary Canvas email (changeable in user's profile) |
userFirstName | string | the user's first name |
userLastName | string | the user's last name |
userFullName | string | the user's full name |
userImage | string | link to user's image |
isInstructor | boolean | true if the user is an instructor in the launch course |
isTA | boolean | true if the user is a teaching assistant in the launch course |
isDesigner | boolean | true if the user is a designer in the launch course |
isCreditLearner | boolean | true if the user is a for-credit learner (student) in the launch course |
isNonCreditLearner | boolean | true if the user is a not-for-credit learner (student) in the launch course |
isLearner | boolean | true if the user any type of learner (student) in the launch course |
notInCourse | boolean | true if the user is not enrolled in the course |
extRoles | string[] | list of extended Canvas roles |
roles | string[] | list of basic Canvas roles (outdated) |
locale | string | user locale (e.g., "en") |
Property | Type | Description |
---|---|---|
timestamp | number | launch timestamp (ms) |
contextId | string | LTI launch context |
launchPresentationTarget | string | LTI launch presentation target (e.g., "iframe") |
iframeWidth | number | iframe width (if applicable) |
iframeHeight | number | iframe height (if applicable) |
returnURL | string | LTI return URL |
launchAppTitle | string | the title of the resource link (app title) |
customParams | object | mapping (key => value) listing all custom launch parameters and their values |
Property | Type | Description |
---|---|---|
courseId | number | Canvas course id of the launch course |
sisCourseId | number | Learning Information Services identifier for the course offering |
enrollmentState | string | Canvas enrollment state (e.g., "active") |
Property | Type | Description |
---|---|---|
contextLabel | string | the name of the launch context (e.g., course name) |
canvasHost | string | host of the launch Canvas instance |
workflowState | string | Canvas workflow status (e.g., "active") |
FAQs
LTI launch validator for IMS-LTI standard launches.
The npm package caccl-lti receives a total of 45 weekly downloads. As such, caccl-lti popularity was classified as not popular.
We found that caccl-lti demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.