I'm working with lti1.3 to build a lti tool which can be then integrated to many LMS platforms

Question

I have the client details that is get created on moodle. Also I did hit the https://localhost/mod/lti/token.php api and get the bearer token.

I wanted to get the user details but not able to figure out where I can find them. I'm confused if it has something to do with the scope as I didn't provide anything in the scope and send the request. I did commented the scope section in token.php file to get the output as I'm not sure what exactly I have to send in the scope.

This is the api I hit from the postman after creating the JWToken manually. token.php api

Also, what is the use of https://localhost/mod/lti/auth.php api. Please tell me about these things.

Answer 1

I would suggest reading the section of the IMS security framework that explains the OpenID Connect Launch flow. This will help you understand the purpose of the mod/lti/auth.php endpoint.

With regards to user details, you'd normally get these one of two main ways in LTI 1.3:

1. Via the JWT the tool receives as part of a Resource Link Launch. See the section of the LTI 1.3 core spec describing user identity claims.
2. Via a service call to the Names and Role Provisioning Service

If you're making a service call to the NRPS service, you need to make sure you request a token with the relevant scope: 'https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly'. See the Scope and service security section of the specification.