Getting custom parameter for D2L LTI launch

Question

We are trying to include user's id as part of LTI launch payload in D2L.

This is what we are getting as the user_id field:

{
    "user_id": "0d45101e-230a-4c06-9008-0024a52038fc_1914"
}

We only want the last DB id field portion. In the attempt to include it as a separate custom parameter, we found that there's doesn't seem to be a very good way to do that, other than checkbox options for allowed params. Is there a way to achieve that?

Creating new custom link seems to have the option to provide the custom parameter. But looks like there are mostly for hard-coded values and can't seem to find template form to provide dynamic values there.

Otherwise, only another fallback option for us is to parse this id and get the last part as our desired identifier, which is our last choice.

Any help/suggestions are appreciated. Thanks!

Answer 1

Your assumptions are correct, this cant be done. the system user ID is not sent with the LTI request, other than in the user_id field as you already know. Custom parameters are indeed hard-coded and cant be used to send dynamic/per user data. This has been asked before with no answer How to Assign Dynamic Values to Custom Parameters in D2L Basic LTI

Splitting the user_id field on the underscore to extract the system user ID is the only option.

Answer 2

You're correct that there is currently no supported way to get the Brightspace user ID value to be transmitted in an LTI launch message. However, there is a way around this problem; you can use the Brightspace APIs. Because all LTI launches are mediated by a user's browser, your LTI tool can "know" that the browser's user has an active session with Brightspace.

If your LTI tool is also registered (within Brightspace's Manage Extensibility application registry), then you can, when receiving a launch, use the whoami API route to get basic user information about the launching user (including their Brightspace user ID). The extended Remote Plugins walkthrough in the Brightspace developer docs shows you, Python, the general way you can do this; it's an old example, but in general, the method is still workable.

Effectively, your LTI Tool needs to expose another endpoint that it can use to receive authentication tokens from Brightspace, and, the first time that a user does the LTI launch, they'll be prompted to agree that your LTI Tool has access to their data (make API calls on their behalf).