feat: LTI 1.3 Passport Refactor + Database Cleanup Support #627
feat: LTI 1.3 Passport Refactor + Database Cleanup Support #627navinkarkera wants to merge 12 commits intoopenedx:masterfrom
Conversation
openedx-webhooks
added
open-source-contribution
|
Thanks for the pull request, @navinkarkera! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. 🔘 Update the status of your PRYour PR is currently marked as a draft. After completing the steps above, update its status by clicking "Ready for Review", or removing "WIP" from the title, as appropriate. Where can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
- Introduce Lti1p3Passport model to centralize LTI 1.3 keys and credentials - Move lti_1p3_internal_private_key, lti_1p3_internal_private_key_id, lti_1p3_internal_public_jwk, lti_1p3_client_id, lti_1p3_tool_public_key, and lti_1p3_tool_keyset_url fields from LtiConfiguration to Lti1p3Passport - Add ForeignKey relationship from LtiConfiguration to Lti1p3Passport - Implement passport-based key generation and retrieval - Add clean() validation to Lti1p3Passport to ensure at least one of lti_1p3_tool_public_key or lti_1p3_tool_keyset_url is set - Update validation in LtiConfiguration.clean() to check for passport presence instead of tool key fields - Refactor get_or_create_local_lti_config() to handle passport creation and sync block/passport key configurations - Update API endpoints to work with passport ID instead of configuration ID - Add admin interface for Lti1p3Passport model - Refactor access_token_endpoint and public_keyset_endpoint to use passport ID - Update API and views to work with the new passport model - Generate migration to remove fields from LtiConfiguration table - Update data migration to copy existing configurations to the new Passport model - Update XBlock to store passport ID instead of config ID - Fix copy-paste issue in resource_link_id generation
* Add signal handlers to delete LTI configurations when xblocks or library blocks are deleted * Ensure LTI configurations are properly cleaned up when associated blocks are removed from the system * Update documentation for LTI 1.3 configuration changes to inform users about potential regeneration of client IDs and URLs when public keys are changed
• Fixed spelling errors (configurtion → configuration, url → URL) • Improved log messages to be more informative • Used more descriptive variable names (id_list → block_locations) • Maintained consistent code style and import organization
navinkarkera
force-pushed
the
navin/fal-4318/split-config
branch
from
c391f5e to
45ce7ac
Compare
navinkarkera
force-pushed
the
navin/fal-4318/split-config
branch
from
08ac0d2 to
7becfcb
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #627 +/- ##
==========================================
+ Coverage 97.59% 98.22% +0.62%
==========================================
Files 79 59 -20
Lines 6871 6942 +71
==========================================
+ Hits 6706 6819 +113
+ Misses 165 123 -42
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
navinkarkera
force-pushed
the
navin/fal-4318/split-config
branch
from
1369128 to
b7c06db
Compare
feanil
left a comment
feanil
left a comment
There was a problem hiding this comment.
@navinkarkera I like the approach of adding a new model for storing lti credentials independent of the blocks, this would obviate the need for external storage and make it easier to re-use storage. I've got a few questions specific to the implementation but I think this is the idea that we should try to land.
@ayub02 a question for you: Should import/export work for LTI blocks from one open edx instance to another? This has not worked before but this change will not really fix that either.
| """ | ||
| Load enough of an xblock to read from for LTI values stored on the block. | ||
| The block may or may not be bound to the user for actual use depending on | ||
| what has happened in the request so far. | ||
| """ |
There was a problem hiding this comment.
TODO: Update this docstring.
| f'Failed to parse main LTI configuration location: {self.location}', | ||
| ) | ||
|
|
||
| def create_lti_1p3_passport(self): |
There was a problem hiding this comment.
This is a get or create in practice right? So let's update the name.
| # Remove private and excluded fields. | ||
| for key in list(object_fields): | ||
| if key.startswith('_') or key in exclude: | ||
| if key.startswith('_') or key in exclude or (include and key not in include): |
There was a problem hiding this comment.
What's the reason for this?
There was a problem hiding this comment.
Just to allow us to include some fields instead of excluding lot of fields incase we only need few of them.
| """ | ||
| Model to store LTI 1.3 keys. | ||
| """ | ||
| passport_id = models.UUIDField(unique=True, default=uuid.uuid4, editable=False) |
There was a problem hiding this comment.
Does it make sense to add a passport_name field now and let the users set it so that when we make this re-usable they will already have human readable names and we can show them to the user? Also currently these settings have no scope. Since we're newly introducing it, does it make sense to make it scoped to a context key of some sort to begin with?
There was a problem hiding this comment.
Does it make sense to add a passport_name field now
Yes, good idea!
Since we're newly introducing it, does it make sense to make it scoped to a context key of some sort to begin with?
Makes sense. Should we worry about them being used out of context for now? Like if you copy and paste in different courses, they will be using the same passport.
There was a problem hiding this comment.
About passport_name:
- Should we make this field unique in combination with the context_key?
- We'll still need passport_id as it needs to be unique across the table.
There was a problem hiding this comment.
Should we also be dropping these fields from the xblock at the same time? We're not really using them for storage as much as to make it easier to use the old studio block rendering helper. Since we're redoing the frontend, do we need those fields to exist on the block? @rpenido perhaps you're the right person to answer that question?
There was a problem hiding this comment.
- We are moving them (including existing data) to passport model.
- AFAIK, the frontend doesn't really depend on the database models.
| for configuration in LtiConfiguration.objects.all(): | ||
| try: | ||
| block = load_enough_xblock(configuration.location) | ||
| block.lti_1p3_passport_id = str(configuration.config_id) |
There was a problem hiding this comment.
Shouldn't this be the lti_1p3_passport.id ? Should we also need to add a field for the LtiConfiguration to the block?
There was a problem hiding this comment.
We use config_id as passport_id in migration as we want the existing blocks to work without requiring any change in the LTI tool configuration. After this PR, passport_id is included in the access_token and keyset urls instead of config_id.
4 participants
Description
Split LTI 1.3 Configuration into Passport Model
Lti1p3Passportmodel to centralize LTI 1.3 keys and credentialslti_1p3_internal_private_key,lti_1p3_internal_private_key_id,lti_1p3_internal_public_jwk,lti_1p3_client_id,lti_1p3_tool_public_key, andlti_1p3_tool_keyset_urlfields fromLtiConfigurationtoLti1p3PassportForeignKeyrelationship fromLtiConfigurationtoLti1p3Passportclean()validation toLti1p3Passportto ensure at least one oflti_1p3_tool_public_keyorlti_1p3_tool_keyset_urlis setLtiConfiguration.clean()to check for passport presence instead of tool key fieldsget_or_create_local_lti_config()to handle passport creation and sync block/passport key configurationsLti1p3Passportmodelaccess_token_endpointandpublic_keyset_endpointto use passport IDLtiConfigurationtableresource_link_idgenerationSupport Database Cleanup for Deleted Blocks
pre_item_delete(block/children).Related
Test instructions
lti_1p3_tool_keyset_urlin one of the xblocks and save. This should create a new passport entry instead of modifying the original one to avoid changing other block.