Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OidcAuthenticator response is send to target_link_uri instead of redirect_uri #160

Closed
martinclaus opened this issue Mar 8, 2023 · 2 comments · Fixed by #199
Closed

OidcAuthenticator response is send to target_link_uri instead of redirect_uri #160

martinclaus opened this issue Mar 8, 2023 · 2 comments · Fixed by #199
Assignees
@wazelin

Comments

@martinclaus
Copy link

According to the LTI 1.3 specs, the out-of-band registration process includes registration of redirect uri provided by the tool. The authentication response shall be send only to one of those uri. The specific uri is provided by the tool via the redirect_uri parameter in the authentication request.

However, OidcAuthenticator is sending the authentication response to the target_link_uri, which is the uri to which the tool is supposed to redirect the user after validating the authentication response.

lib-lti1p3-core/src/Security/Oidc/OidcAuthenticator.php

Line 120 in d525604

$originalToken->getClaims()->getMandatory(LtiMessagePayloadInterface::CLAIM_LTI_TARGET_LINK_URI),

@martinclaus martinclaus mentioned this issue Mar 8, 2023
Draft
@isl-dbouman
Copy link

Ran in to this same issue, this is what fixed it for me:

Replace
$originalToken->getClaims()->getMandatory(LtiMessagePayloadInterface::CLAIM_LTI_TARGET_LINK_URI),
With
$registration->getTool()->getLaunchUrl(),

@mk-kialo
Copy link

mk-kialo commented Aug 1, 2023

We also have the same issue. @isl-dbouman do you maybe want to create a PR for this?

wazelin added a commit that referenced this issue Jan 27, 2025
@wazelin
fix: #160 redirect to the actual redirect_uri after verifying that it…
1c83943 
… matches the registered tool host
@wazelin wazelin mentioned this issue Jan 27, 2025
Merged
wazelin added a commit that referenced this issue Jan 27, 2025
@wazelin
fix: #160 redirect to the actual redirect_uri after verifying that it…
6e7d9b0 
… matches the registered tool host
@wazelin wazelin self-assigned this Jan 27, 2025
wazelin added a commit that referenced this issue Jan 27, 2025
@wazelin
fix: #160 redirect to the actual redirect_uri after verifying that it…
b113434 
… matches the registered tool host
wazelin added a commit that referenced this issue Jan 28, 2025
@wazelin
Merge pull request #199 from oat-sa/fix/TR-6465/redirect-from-pltform…
8d8d215 
…-launch-authentication

fix: #160 redirect to the actual redirect_uri after verifying that it matches the registered tool host
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wazelin wazelin

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@wazelin @martinclaus @mk-kialo @isl-dbouman