. /** * LTI 1.3 login endpoint. * * See: http://www.imsglobal.org/spec/security/v1p0/#step-1-third-party-initiated-login * * This must support both POST and GET methods, as per the spec. * * @package enrol_lti * @copyright 2021 Jake Dallimore out(false), // Resource link launches. (new moodle_url('/enrol/lti/launch_deeplink.php'))->out(false) // Deep linking launches. ]; // This code verifies the target_link_uri. Only two values are permitted (see endpoints listed above). if (!in_array($targetlinkuri, $validuris)) { $msg = 'The target_link_uri param must match one of the redirect URIs set during tool registration.'; throw new coding_exception($msg); } // Because client_id is optional, this endpoint receives a param 'id', a unique id generated when creating the registration. // A registration can thus be located by either the tuple {iss, client_id} (if client_id is provided), or by the tuple {iss, id}, // (if client_id is not provided). See https://www.imsglobal.org/spec/lti/v1p3/#client_id-login-parameter. global $_REQUEST; if (empty($_REQUEST['client_id']) && !empty($_REQUEST['id'])) { $_REQUEST['client_id'] = $_REQUEST['id']; } // Before beginning the OIDC authentication, ensure the MoodleSession cookie can be used. Browser-specific steps may need to be // taken to set cookies in 3rd party contexts. Skip the check if the user is already auth'd. This means that either cookies aren't // an issue in the current browser/launch context. 
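// Cookie pre-check, run only for users who are not already logged in. The URL handed to do_cookie_check() points back at
// this endpoint and carries the OIDC login params, so the login can be resumed with the same values.
if (!isloggedin()) {
    cookie_helper::do_cookie_check(new moodle_url('/enrol/lti/login.php', [
        'iss' => $iss,
        'login_hint' => $loginhint,
        'target_link_uri' => $targetlinkuri,
        'lti_message_hint' => $ltimessagehint,
        // client_id is optional and the fallback from 'id' earlier in this script only fills it when 'id' was sent, so the
        // key may be absent. Read it with ?? to avoid an "Undefined array key" warning; the value is still null in that case.
        'client_id' => $_REQUEST['client_id'] ?? null,
    ]));

    // Without a usable session cookie the launch cannot continue: show the notice in a popup layout and stop here, before
    // any OIDC state is created.
    if (!cookie_helper::cookies_supported()) {
        global $OUTPUT, $PAGE;

        $PAGE->set_context(context_system::instance());
        $PAGE->set_url(new moodle_url('/enrol/lti/login.php'));
        $PAGE->set_pagelayout('popup');

        echo $OUTPUT->header();
        $renderer = $PAGE->get_renderer('enrol_lti');
        echo $renderer->render_cookies_required_notice();
        echo $OUTPUT->footer();
        die();
    }
}

// Now, do the OIDC login.
// $targetlinkuri has already been checked against the two permitted launch URIs earlier in this script.
// NOTE(review): $_REQUEST is handed to the library unfiltered, so locating the registration from iss/client_id and any
// further validation of the remaining params rests on the library and issuer_database - confirm.
// NOTE(review): depending on the request_order ini setting, $_REQUEST can also contain cookie values - confirm this cannot
// shadow the login params on the deployed configuration.
$redirecturl = LtiOidcLogin::new(
    new issuer_database(new application_registration_repository(), new deployment_repository()),
    new launch_cache_session(),
    new lti_cookie()
)->getRedirectUrl($targetlinkuri, $_REQUEST);

redirect($redirecturl);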