Presentation TitleOrg/ Contact

Just Fire LTI at it!Mike Brousseau, Brock University

Me

Mike BrousseauEducational Technologies Developer

Centre for Pedagogical InnovationBrock University

Brock

Brock UniversitySt Catharines, Ontario, Canada

Student Population ~18,688

Objectives

● What?

● Why?

● Basics concepts of LTI

● Available Libraries

● Example Apps

What’s an LTI?

A simple and cheap way to connect your LMS to external tools without complicated

integrations or double authentication.

Via: http://www.edu-apps.org/coding/tool_launch.png

LTI Consumer (LMS)

LTI Provider (Tools)

Two main components of LTI

http://www.google.com/doodles/30th-anniversary-of-pac-man

Why LTI?

● Writing integrations for third-party tools is a nightmare

o Allows for faster and cheaper integration

● Seamless user experience

o Users stay in the LMS while accessing external tools

● Central ITS processes often can’t keep up with great external tools

o Allows easier piloting or small scaling

A Hash of user data and environmental info is sent from the Consumer to the Provider

The Provider verifies the OAuth connection with the sent key and the agreed upon secret

The Provider then allows the Consumer access to it’s resources based on the user and environmental data sent

LTI 1.0 is one way OAuth 1.0 vouching for passing standardized structured data

LTI 1.0

Same as LTI 1.0-Hash is sent-OAuth is verified-Access is granted

LTI 1.1 is two way OAuth 1.0 vouching for sending standardized structured data to the Provider and Grades back to the Consumer

LTI 1.1

But now the Provider can pass Grades back to the Consumer typically based on the user and environmental data initially sent to the provider

jdhancock - Pin Pals - https://flic.kr/p/6qhgF1

Newest version of LTI

Final specs released Jan 2014

Similar initial launch as LTI 1.0 & 1.1

Supports rich and complex REST based two way communication between your Consumer and Provider

Allows provisions space for Providers to store data in your Consumer

LTI 2.0?

Via: http://developers.imsglobal.org/tutorials.html#lti2

What is the Consumer Sending?context_id=Mikes_Test_Coursecontext_label=Mikes_Test_Coursecontext_title=Mikes_Test_Coursecontext_type=CourseSectionext_basiclti_submit=Press to continue to external tool.ext_lms=sakai-2.9-SNAPSHOText_sakai_eid=mbrousseauext_sakai_privacy=visibleext_sakai_role=Instructorext_sakai_server=https://lms.brocku.caext_sakai_serverid=LMS-APP2launch_presentation_css_url=https://lms.brocku.ca/library/skin/default/tool.csslaunch_presentation_locale=en_USlaunch_presentation_return_url=https://lms.brocku.ca/imsblis/service/return-url/site/Mikes_Test_Courselis_person_contact_email_primary=mbrousseau@brocku.calis_person_name_family=Brousseaulis_person_name_full=Michael Brousseaulis_person_name_given=Michaellis_person_sourcedid=mbrousseaulti_message_type=basic-lti-launch-requestlti_version=LTI-1p0oauth_callback=about:blankoauth_consumer_key=47ydhsg6d5taycbdgfoauth_nonce=18346351683108960oauth_signature=ela19juj55e7q1n0slf594f7/V4=oauth_signature_method=HMAC-SHA1oauth_timestamp=1401478569oauth_version=1.0resource_link_description=Kaltura Categoriesresource_link_id=cd52ed80-ccdd-4781-9e6e-5c19c0aca6d2resource_link_title=Kaltura Categoriesroles=Instructor,Administrator,urn:lti:instrole:ims/lis/Administrator,urn:lti:sysrole:ims/lis/Administratortool_consumer_info_product_family_code=sakaitool_consumer_info_version=2.9-SNAPSHOTuser_id=c43a6cbc-bc94-4f6d-acca-c980ef37cb9cuser_image=https://lms.brocku.ca/direct/profile/c43a6cbc-bc94-4f6d-acca-c980ef37cb9c/image

In Sakai 2.9.3 using the LTI 1.1 Spec

Tony Hisgett - Vortex - https://flic.kr/p/2TFRT4

Message Signingoauth_consumer_key=47ydhsg6d5taycbdgf - Agreed plain-text shared keyoauth_nonce=18346351683108960 - Unique value to ensure unique connectionsoauth_signature=ela19juj55e7q1n0slf594f7/V4 - Consumer computed signatureoauth_signature_method=HMAC-SHA1 - Signature hashing methodoauth_timestamp=1401478569 - Signature timestampoauth_version=1.0 - The version of OAuth used

● Check for the agreed key● Record nonce and compare against stored nonces● Check timestamp is within a reasonable window (IMS suggests 90 minutes)● Generate signature based on hashing method (with key and secret) and compare with sent

signature

Oliver Tacke- checked_tick - https://flic.kr/p/jBYsvd

● context_id=Mikes_Test_Course - The name of the course site launching the tool● lis_person_contact_email_primary=mbrousseau@brocku.ca - User’s email● lis_person_name_family=Brousseau - User’s last name● lis_person_name_full=Michael Brousseau - User’s full name● lis_person_name_given=Michael - User’s first name● lis_person_sourcedid=mbrousseau - User’s username● roles=Instructor,Administrator - User’s role in the consumer● oauth_consumer_key=47ydhsg6d5taycbdgf - Agreed plain-text shared key

Basic Info for a Simple Tool

Who they are, what they’re doing here and if they’re allowed to be here.

Basic PHP<?php

require_once 'ims-blti/blti.php'; //Make sure you include the LTI library

(http://developers.imsglobal.org/imsphpexample.zip)

$lti_auth = array('key' => 'key', 'secret' => 'secret'); //The LTI credentials as we know them

$context = new BLTI('secret', false, false); //Build the LTI object with the credentials as we know them

if ($context->info['oauth_consumer_key'] == $lti_auth['key']){ //Check if the correct key is being sent

if ($context->valid ){ //Make sure our LTI object's OAuth connection is valid

echo 'Valid LTI Connection. Output passed data:';

echo '<pre>',print_r($context->info),'</pre>'; //Print out the

passed data

}

else{ //We already checked the key so it's likely the user is using the wrong secret to generate their OAuth

object

echo "Bad OAuth. Probably sent the wrong secret";

}

}

else{ //Wrong key

echo "Wrong key passed";

}

?>

Basic Ruby#Need the basic rubygems and the sinatra gems (for this example) #We must include the ims/lti and OAuth gems (regardless of

environment)

require 'rubygems'

require 'sinatra'

require 'ims/lti'

require 'oauth/request_proxy/rack_request'

lti_auth = {"key" => "key", "secret" => "secret"} #LTI key and secret hash declaration

post '/' do #Define index path in Sinatra

if lti_auth["key"] == params[:oauth_consumer_key] #Check if the correct key is being sent

provider = IMS::LTI::ToolProvider.new(lti_auth["key"], lti_auth["secret"], params) #Build our LTI object with our credentials

if provider.valid_request?(request) #Make sure our LTI object's OAuth connection is valid

"Successful LTI connection made. Here's what we got: <br /><hr />" +params.inspect

else #We already checked the key so it's likely the user is using the wrong secret to generate their OAuth object

"Bad OAuth. Probably sent wrong secret"

end

else #Wrong key

"Wrong key passed"

end

end

Example LTI Apps (built at Brocku)

Etherpad Request Facility

Library Research Guides by Subject

Google maps with custom marker placed by students

Example LTI Apps (Commercial)

Piazza

Via: https://gigaom2.files.wordpress.com/2012/01/piazzascreenshot.jpg

EBSCO Reading List

LTI App Store - Edu Apps

http://www.edu-apps.org/index.html

More?

http://developers.imsglobal.org/ - IMS Standards

http://www.dr-chuck.com/csev-blog/ - Dr. Chuck

http://www.edu-apps.org/code.html - Basic Coding

Thanks

Email: mbrousseau@brocku.ca

Twitter: @mcbrousseau

GitHub: https://github.com/kingmook

Web: michaelbrousseau.ca