Tier 1: Submission Review, JWKS publishing, Dynamic Registration#237
Open
Tier 1: Submission Review, JWKS publishing, Dynamic Registration#237
Conversation
…registration Add GetPlatformOpenIdConfigurationAsync and RegisterToolAsync extension methods to HttpClient implementing the tool side of LTI Dynamic Registration 1.0 (Task C4). Adds project reference from LtiAdvantage.IdentityModel to LtiAdvantage core (required for the DynamicRegistration models), and from the unit-test project to LtiAdvantage.IdentityModel.
Adds the platform-side LTI Dynamic Registration 1.0 endpoint as an abstract MVC controller base, matching the pattern used by MembershipControllerBase. The endpoint enforces the https://purl.imsglobal.org/spec/lti-reg/scope/registration scope via [Authorize] policy and delegates persistence to OnRegisterAsync, which implementations override to assign the client_id. Includes a TestServer integration test covering the success path (201 + assigned ClientId) and the insufficient-scope path (403).
srijken
force-pushed
the
feature/lti-tier1
branch
2 times, most recently
from
d04342a to
bb05069
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds three independently-shippable LTI 1.3 / Advantage features that the library lacked, organized into three tagged phases:
phase-a-submission-review): newLtiSubmissionReviewRequestmessage type,for_userclaim, andsubmissionReviewextension on AGSLineItem. Spec: https://www.imsglobal.org/spec/lti-sr/v1p0phase-b-jwks):JwksControllerBasepublishing/.well-known/jwks.jsonanonymously, backed by anIJwksKeyStoreabstraction with documented key-rotation contract.phase-c-dynamic-registration): POCO models forPlatformOpenIdConfiguration/ToolConfiguration(RFC 8414 + RFC 7591 + LTI extension claims), tool-sideHttpClientextensions for the discovery → registration handshake, and platform-sideDynamicRegistrationControllerBase. Spec: https://www.imsglobal.org/spec/lti-dr/v1p0Test count goes from 47 → 61 (+14 new tests, all passing on net10.0). No breaking API changes — every modification to existing types is purely additive.
Plan and Tier 2/3 deferred-work roadmap are in
docs/superpowers/plans/.Test plan
dotnet teston net8.0 (developed on a box with only net10.0 SDK; local runs are 61/61 green on net10.0)LtiSubmissionReviewRequestround-trips through reference JSONJwksControllerBasepublishes JWKS and does not leak private RSA parametersDynamicRegistrationControllerBasereturns 403 on wrong scope and 201 on the registration scopeHttpClientDynamicRegistrationExtensionssurfaces 4xx response bodies in the exception