LTI Launch Authentication with Node.js Code Answer

Hello Developer, Hope you guys are doing great. Today at Tutorial Guruji Official website, we are sharing the answer of LTI Launch Authentication with Node.js without wasting too much if your time.

The question is published on by Tutorial Guruji team.

I have created a simple ‘hello-world’ web app using express.js framework.

I want the app to be IMS-LTI Compliant so that moodle and other Learning Management Systems can launch it as an external tool.

However, I do not understand how to authenticate the LTI launch in my app (it uses oauth), and I cannot find any express.js/node.js examples of how it’s done either. I see that a passport-lti node module exists (https://www.npmjs.org/package/passport-lti), but as a noob with node I just don’t understand the sparse documentation.

I have used passport.js to create local authentication – using this video (https://www.youtube.com/watch?v=twav6O53zIQ), I was hoping for similar help for the LTI launch authentication…

Any help is appreciated.

Cheers,
Ollie

Answer

When an LTI Tool Consumer (i.e. an LMS) launches an LTI Application (Tool Provider) The LTI Tool is sent an HTTP Post.

In order to authenticate that the post is legitimate, you need to verify that the post variable ‘oauth_signature’ is valid by recomputing the signature locally using the shared secret key that you exchanged with the Tool Consumer when the LTI tool was configured.

The act of verifying the OAuth signature is likely handled by an OAuth library .. nodejs already has these, so please don’t reimplement one.

You can read the full process of validating the launch request in the IMS Global documentation

We are here to answer your question about LTI Launch Authentication with Node.js - If you find the proper solution, please don't forgot to share this with your team members.

Related Posts

Tutorial Guruji