← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #68169

[Bug 2000686] Re: LTI 1.1 misaligned auth after 22.10 upgrade

  Thread PreviousDate PreviousThread Next 
An issue with the 'webservice' auth methods and LTI is that we can have
a a valid 'webservice' auth method on a site even if LTI is not being
used.

The generic 'webservice' instance name can also exist if the site has
webservice tokens generated on the webservice/admin/index.php page under
'Manage service access tokens' section.

Here the 'webservice' auth instance is for checking that the owner of
the token is in an institution that allows webservice access (checked by
there being at least 1 'webservice' auth method for that institution).

So it's not easy / obvious what users need to be switch from one
webservice auth method to another if they are using the generic
'webservice' one.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/2000686

Title:
  LTI 1.1 misaligned auth after 22.10 upgrade

Status in Mahara:
  Triaged

Bug description:
  Mahara: 22.10.0
  OS: Linux 20.04
  DB: Postgres
  Browser: n/a

  Post an upgrade from 21.10 to 22.10, the LTI auth for an institution
  is misaligned and users can no longer log in.

  Scenario with LTI integrated Blackboard LMS:
  - In 21.10, create an institution1 with 1 LIT auth "Web services"

  - Created 2 enabled registered external apps:
  1. "Blackboard LTI" <- owner was deleted but still exists (i.e. create app then delete user)
  2. "Blackboard LTI Mahara"  <- genuine LTI and owner still exists

  - Crete users in instintution1 with "webservice" auth

  - Upgrde to 22.10

  - All users should be converted to "Blackboard LTI Mahara" as that is
  the valid instance.

  What happens: the users are still linked to the "webservice" auth
  which doesn't have any valid registered apps.

  
  An additional SQL during the upgrade should:
  * update all auth_remote_user records from the old auth to the new auth
  * update all usr records from the old auth to the new auth
  * the old "webservice" auth in the institution should be deleted

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/2000686/+subscriptions

References

  Thread PreviousDate PreviousThread Next