Within "Manage External Learning Tools" D2L provides the ability to define custom LTI parameters. I created such a parameter, and I now want to assign a dynamic value to the customer parameter via JavaScript prior to posting the request to the 3rd party provider.
For example, the user_id LTI parameter is assigned the D2L-only user ID value which does not align with the campus-wide authentication. However, it is possible to get the campus-wide user ID via JavaScript, and I would like to assign this to a custom LTI parameter like custom_campus_user_id.
Thank you in advance.
If you go to External Learning Tools at the org, and go into Settings (v10) or Configure Tool Consumer Information (v9.2 – v9.4.1), there are three checkboxes for allowing the D2L defined user fields to be passed in an LTI link as custom parameters. It appears it is system username that contains the value you are looking for.
Related
My rails API application allows a user to make POST API requests to create a credential through a namespaced endpoint (i.e. ~/api/v1/credentials). I'm working now to allow the creation of a credential through the HTML view (~/credential/new), but for business reasons, we need a specific parameter for credentials created through the HTML view that isn't necessarily required through the API.
For example, let's say the parameter in question is cell_number. An API user may not need to provide a cell number, but every user who creates a credential with the HTML view must provide one.
Since both the API and the HTML version rely on the same model, how would one go about doing validations for different criteria through the API vs the HTML version? Or am I over complicating this and should look at another option entirely?
I am using 2 Oauth services in my website. They both send back a query parameter called code. And I use a custom function to grab that code field when my page loads. Do OAuth services have a way you can change that code field to be custom? I am using Google OAuth for one and I am unable to locate this.
No, the standard specifies that the query parameter is named code, so there's no way to name them differently.
But the client can add a state parameter to the authorization request, which the authorization server has to return with the code. You can use that parameter to distinguish between the two authorization requests.
I am calling a webpage from an external webpage and I am passing a user id with the call (http://localhost:54697/?position='position'&user='user'). What I want to do is I want to put the user into an authentication process using the request variable.
It is a good place to do it at global.asax.cs/Application_Start() ? If so, is there any way to pass a request variable into it?
Or is there any suggestion?
UPDATE:
The external site has the credential info that is needed for my site's authorization. Shortly, I have a system on which I can go through several other websites via menus. One menu link will go to this (http://localhost:54697/?position='position'&user='user') Asp.Net MVC web site. Whenever the user clicks to the link, a userid will be sent through the link. Based on the userid I will go through an authorization
process on which I will check the userid and show menus based on the roles associated with the userid. In the controller I can get the userid
however, I do not want to check the roles in every controller. Whenever the link is clicked I want the system to go through a role provider and assign the roles associated with the userid and place role annotators to the controllers. As stated above I am not sure if it is a good place to do it at global.asax.cs/Application_Start() ? If so, is there any way to pass a request variable into it? Or Can I use the constructor of the controller for this purpose?
I'm thinking through how to open an endpoint to my customer so he/she can trigger changes in their model from an external website (aka an API i think?)
I plan on creating an action in my controller where I skip authentication and authenticity token check. I would create a long random string to give to my customer so when they submit a POST request, they would include the random string in the params to confirm identity.
Is this a secure way of doing what I'm trying to do? Is there another/better way of doing this?
I just want my customer to be able to pass me values and my app take actions based on these values.
what you are talking about is usually called client token authentication.
i use it for my app as well: https://github.com/phoet/on_ruby/blob/master/app/controllers/api_controller.rb#L23-L29
my implementation uses a header-field to exchange the token.
if you want to have a more sophisticated variant you should look at oauth.
in terms of security, you might take additional measures by whitelisting ip ranges etc.
of course, use SSL connections only!
Is there a valence API which can be used to get the list of locale IDs from D2L site. I am using the API to create course which requires an input of LocaleID and I am trying to build some logic which can transform the locale stored in my system to that of D2L system.
Unfortunately, there is not currently a Valence API to retrieve the list of locale IDs together with locale names and other meta-data. Additionally, it's possible that only a user with the permissions to use the Locale Management admin tool will be able to provide you with the locale IDs that you'll want to use in your calls.
The admin user can go into the Locale Management tool to view the list of locales, click on one to select/edit it, and then, look in the query URL to see what the value of the id parameter is: this should be the locale ID.