 Hello everybody. So this is going to be a talk on LTI. We just mentioned a few here and mostly on LTI one free Which is a new version. So just who knows LTI in the room? All right, that's pretty good. Okay, so we're gonna cover there and let's go with this 20 minutes is not that much So really the advantage is bring your tools in the standards way because LTI is an open stock is a standard Education or standard so well just a few words about me. My name is Claude verveur I am an application architect in the integration team at signage, which is a course where publishers I am also The co-chair of the one attack, which is a new name of IMF global LTI meeting LTI working group And I'm a little contributor on the model T. I plug in because we decided it to integrate better Do a better LTI than a new plug-in. So we try to improve on the model T. I as much as possible All right, so let's go there. So LTI means learning tool Interability right so interability to what right interability to learning platforms So that means your learning tool can interpret with learning platforms or learning platforms just also known at least in the US a lot like learning management systems and Obviously like wood all but when you do an LTI tool you build it so that you can also use it in other LMS Is as well right because it's a standard so that the whole point of it as a tool you build it once and you mostly Deploy it everywhere mostly All right, so so the idea of the LTI is really to take an external tool and Move it inside and feel it like it's internal Right, and it does that for too many mechanics. The first one is the LTI lunch So they move from your platform to the tool and passing the context of it over the context of the course And then your tool can communicate back with the learning platform through a set of LTI API Right, and I just can quickly show that in the idea here Here is one of our tools in Moodle, and I'm gonna click on it And cross my finger because that's my that's our curious ever so and you see here it's opening up and it's loading the content and it's gonna be a quiz if all goes well and Yeah, it looks like it's gonna be working So you see the quizzes in line in inside the Moodle course, but it's an external tool, right? It's also elsewhere, but it feels internal and it's built using a standard What we've built here for Moodle would work the same way in other learning management systems All right, so go back here So LTI actually has been around for a long long time But it was getting old it was built on O of 1 O security principles Which has been deprecated for quite some time. So basically it was kind of due to be Not back but to the future that is brought to the present So LTI 1.3 is all about bringing taking the LTI functionalities But we renovating the world security stack to bring it to the current norms of the web mostly open ID O of 2 those kind of things so it's really been moving from O of 1 O shared secret deprecated to To the to those new set of the current web security So the one first thing for example, there is no more Shared secret Everybody just exposes their public keys. So that's one of the security Principle here. So what we see here is that my Moodle I'm gonna use for demo this Moodle Exposes its publicly to a well-known endpoint. That's the public key So anything coming from this Moodle will have to be signed and verified using this public key Everybody can get the public key, but that's how us at Senged we know this is coming from this site Because it's signed by this site, but when we send a request back to Moodle We sign it with our private key, but we also expose on our side our public keys So that's each site exposes exchanges their public keys and points. So that's one of the security of LTI advantage So obviously The ability to move from a learning platform to a tool that starts first by sharing identity You want to know who's the user user user your lunching so it's all start with some kind of SSO So LTI has always been seen as some kind of single sign-on mechanics where you're in the learning platform your lunch in the tool You don't have to log in in the tool. You're just right there in the tool So to do that the new way to do that is obviously well is to use open ID So LTI advantage is a profile of open ID So a quick recap about how open ID works Usually not in LTI in open ID. You have a web app. You say I want to log in We want to you again using Google or whatever you go to the authentication provider You make an authentication request there you log in you give whatever and then it comes back To your to your web application for your authentication response and this is what is called an ID token Which is a JSON web token, which contains identity information about the user. So that's open ID in a nutshell And so LTI is is using that but it's a little bit different than your traditional web app Why well basically that's what's in the ID token user ID names email those kind of things, right? so It was LTI way is different is that so user doesn't go to the learning tool first it goes to Moodle first So there is a new face called living initiation where Moodle is going to say to the tool Hey, someone wants to get in and that's going to initiate the open ID flow So that's why you have this login initiation URL, which is part of the open ID specification to say to nudge The learning tool say hey, someone's want to get in initiate an open ID flow to get the user in And what we see here also is that the ID token It's actually quite bigger, you know compared to the previous one And that's why is it so big because When you want to transfer from a course to a learning tool just sharing identity is not enough You need to bring more context and that so you need obviously to give you as a user information Which comes from the open ID claims But you also need to know to give the context in which from which course are you launching? So you give context information But you also need to say which wall is this user in this context So this is a student launching in this course and this is the idea of that student And also which activity are you trying to go to so another piece of the payload is where you want to go And additional things like well, how will I pass a grade back? Well, this is the endpoint how well you will pass a grade back for this activity So all of that is packaged together within an extension of the ID token So it's the same ID token, but additional claims in the ID token which are defined through the LTI name space So there is more to it. That's why it's way bigger than the ID token. It is an ID token, but with a lot more data into it So, yeah, that was a phase about the really that's what is LTI one free the core mechanics of the LTI launch Well now when you how you want to bring a link to your learning platform You really don't want to bring just one link to your tool you want to bring a link to your chapter one to your Simulation to your specific essay to so so what I mean by that that you need more than one link To to go to you. You want some kind of deep linking that goes to specific Activities that you host in your tool and how do you bring those links into the system? When there is another part of the LTI specification called deep linking And deep linking I like to add the name picker flow It's not just for picker But it's a flow that is defined the specification to go to the tools not to launch something But to grab something and bring it back in when you're building your course So that's a deep linking flow And so here's the deep linking flow Work says that you're in your course and you say you want to add something and you're making an LTI request But the LTI request is specifically saying I'm a deep linking request. I want to pick something So then you go to the tool and the tool can render its own UI to pick something You don't have just to pick something you can create something it's the choice of the tool you learned it in the tool The tool is there you select something you create something but at the end what you must do is return the selection Of links to be added of LTI links to be added in the course So that's that's a UI flow. What? I don't like that Okay, but that um again, that's a deep linking flow and uh What's really important understand here? It's not a web service. It's a UI flow again You're moving UI to the tool to pick something and in the return from that back to the lms You carry is what you've selected so I can do a quick demo on that So here let's say I go back To my course and I want to add additional stuff in here All right, so I'm going to turn editing mode on I go back here External tool and I'm going to pick Content here and That's my fingers and here we go. So with different kind of product. Okay. I want to add deep links in that product So I'm going to select my content and then now so you see this UI here Obviously, it's not model UI. That's our UI a tool could do whatever they want here They could do assessment building tool Anything you want but here in our view we have we let you We show some kind of picker and you can say, okay. I want to add As a chapter one for reading and this I want to add You know, I want to add this one here also So you make a few selection And so once you've made the selection what's going to be returned to the lms is a lti links definition To link back to those resources And it's also going to say if those activities are graded or not So that Moodle can create a great book column for the sun note depending if they're ready or not. So I'm going to say continue Let's say save and this is where it's packaged up There's a web token is sent to Moodle and now since 311 Moodle lets you return more than one at a time So here Moodle is making a quick summary of this is the feelings you're going to add to your system and you see One of them is graded And I'm going to say save and return to course and those course those things are added to my course So that's the deep linking flow how to add content to a course Using it's there right there So that's the deep linking connection Right So that's it. That's an example of the payload you that's returned. So you see here you give a specific URL The line item section here is telling you line item means it's a fancy name for great book column So as you say this will need a great book column and worth 87 points And I'm adding identifiers because when I'm going to use the api I'm going to use those identifiers to find back those great book columns So as a tool I'm giving specific identifiers And there is and here we don't see here I say I'd prefer this to be displayed in an iframe because a tool can never be displayed in an iframe or a new window And as when you import your content you can say this one prefer in an iframe This one I would prefer in a new window Right Okay, so that's all about lunches and creating lti lunches But what about lti services? So I mentioned lti service so that we move towards the new stack of of technology So obviously we use o of 2 so o of 2 just again a quick Reminder the first thing you need to you to use o of 2 you need to have an access token an authorization token So the first thing you need to do as a tool is go ask for that token So how that works is that you make what is called a jot assertion Which is I am this tool and you sign it with your private key you send that To to the authorization endpoint which is going to verify you are that tool because it's because I'm at show publicly And therefore once it validated you you're also asking for scopes and scopes are basically what you want this token to be able to do The permissions you want to be given to that token So you say okay, hey, I am this tool and I want to be able to send a grade to the great book So you ask that and you see here This it's called client credentials in o of that means Usually no off you as a user you get prompted. Do you authorize this tool to do this? Do you authorize this tool to do that? But with client credentials the user is not prompted To to to give the other agreement because the trust is between the platform and the tool it doesn't involve the end user So in that case here, so the platform will just give the token. It doesn't have to interact with the end user Okay, so it's going to return the token Which is as a time to leave and as a set of scope which may differ from the scope you asked Because you may ask a bunch of things, but at the end you may get less So here you have a token valid for usually an hour that you can use for all for this for these services that have been scoped to that to that to that token and It's not bound to a user That means you can use it across all the all the all your courses or the requests you need to do You can use the same token as long as that does the right scope Right, so that's the mechanics how to get a token and then what kind of services do we have in lti? Well Yeah, also I forgot to mention If you if you have a service that's fine, but how do you know the api endpoint to to call the service? Right and those are actually given to you into the lti payload every service that you can access Will you will be given in every lti lunch the endpoint of that service? So it's basically kind of a run at runtime you get to know the end the end point So here we see that's an that's part of an lti lunch and you say you to send a grade This is a url. You're gonna use to send a grade. So that's part of the lti lunch So now you have you know how to get the token You know the url. So we'll see what the service is about. So this service here is One of the most important one of the two It's assignment and grade services Which is really your interaction from a tool to the grade book Because usually the first things you want to do as a tool is return a grade of some kind of some outcomes Back to the year learning platform. So here we see here So what you can do is assignment and grade service is that you can send a score So and but you the score can is more than just a great value can also have Statuses in progress completed those kind of things Moodle doesn't really use those Statuses just yet But you can see in the future that you can start showing a needs grading and have the ability to go back To to the tool for the grading So that's that and then it's also exposed online item service, which is more a way for a tool to get Understanding of the great book columns now. So not only can know the great book columns We can add Programmatically new great book columns. It's a great book when we say give me my great. Give me the great book columns You can only see yours. It's sandbox. You cannot just see the full great book You see your tools columns only your sandbox to your data You cannot see So you cannot build a general purpose great book on that you see my tools columns And so you can find it you can post grade into them you can create new ones if you need so So that's through the uh Line item api. So assignment great services. That's two things posting scores and managing great book columns and there is one Service that i'm not going to demo here, but it's a course roster which is also a really only way to get all the rostering of the Of the course of the current course of the current context So you get to know all the users and all their roles Which is quite useful because with the order lti You had to wait for user to click on the link to discover the user But now with these names and roles You can just discover the user all the users of the course upfront on first launch from the instructor or from any user and so Well, that's okay and so We've talked here about all the scan of data that's required to establish an lti 1 3 and it's a bit more than it used to be with lti 1 1 because you need to Everybody needs to expect to exchange their public keys because it's jwk You need to exchange your registration data and a bunch of other piece of data here That makes the things a bit harder to configure when you're doing an ati advantage That's why there is um A new One new as there is a New specification for dynamic registration, which actually lets you Have the both sides communicate and exchange that data very easily by just pasting a url into Into the Into moodle so I can demo that to you also Yeah, that's also. I think it seems 311 So i'm gonna log out here Who knows who this guy is Yes That is there so that nobody messes with this moodle I go to site administration And plugins and external tools And you see there is this box here and it's all called add lti advantage add legacy lti That's for lti 2 and also some But if you know lti 2 you just forget about it like it never existed I think it's people everybody raising the the word lti 2 from anywhere with us where it existed so But here i'm gonna paste a Test tool called robot test And i'm gonna paste this url here, which has a so that's the place to that's the um Endpoint for automatic registration. I'm gonna say add lti advantage And the thing is that with with 311 This is actually a bit of an improvement is that you when you try to do dynamic registration of the tools that's already Deployed it's going to ask you do you want to do a new deployment or you just want to update the current deployment So you can use dynamic registration not only for deployment But for updates in in place But here i'm gonna say i'm gonna just register as a new tool And you see it's gonna go And It went it worked. Okay. So the rubo is happy and what we see here is that all the information that direction from both parties So that's moodle exposing exposing its attributes that's and then there is a This tool saying okay, this is who i want what kind of services i want my urls and everything And finally moodle is going to respond with a client ID, which is going to finalize the registration And when all of that is done You can send a windows post message And it's gonna go back to moodle and one last thing is that because for security reason Isn't when after dynamic registration a tool is not activated. It's waiting for the Admin to activate it so you can go back and actually revisit what has been Pushed by the tool in case you want to overwrite some security like the tool say i want to names and roles When you say well, I want to see email and say well, no, we're not going to let you see email So you can go revisit that and and just and then after when you're happy you can activate and the tool is made available so that's dynamic registration, so kind of easy because LTI advantage it's not that many things but it's copy pasting but it's amazing how copy pasting could go wrong all the time This is just So, yeah Oh, yeah, yeah, yeah, I'm gonna go there. So at the advantage is just to just Assumerize that it's a bundle of all those things as far as we have advantage or one free advantage is just to say this is all of that together And yeah, there are a bunch of stuff on on the work on the moodle mod LTI plug-in So I encourage you to look at that and finally The slide is here if you want those slides Um, is our next presenter in the room Anders any questions for cloud? This is specific to LTI But with the browsers getting a lot more secure with cookies What's happening with the LTI token? Yeah, that's the elephant in the room, isn't it? So I think there are multiple answers on the cookie on the cookie issue Uh, so the first one is that LTI MS global wanted tech has been working on the proposal for to replace cookies with some kind of javascript mechanics to sand state to the parent window of the Of the LMS so basically what what what this means is that as a tool you could push some state into moodle Move to the next page and get it back from moodle and that's actually in There is a tracker item for that. It's this one here Um In in moodle and so that's one thing then the other thing is that Well, you can obviously open in a new window So that's you know, it's like there's also it depends because you could detect that first party cookies are sticking or not And if they are not If they are not then you you can pop up a new window otherwise you stay you can stay in frame because it's not all browsers Um, so there is that uh, obviously if you can do cookie less Good for you. It's like, you know, like react apps single page apps those kind of things and Finally, there is a there is a the browsers are discussing a new proposal called cheap ch. Ip Which stands for cookie Partitioned so the point here is that with those partition cookies Then safari mostly because that's the main culprit here So far it would be comfortable again allowing third party cookies because they would be partitioned to the main site That means a cookie would not would just live within the parent site And if you go to another site those cookies would not be visible so that they wouldn't they would not be could not be used anymore as tracker So I think it's not that cookies are gonna go away But more that I hope that browsers finally gonna put cheap in place We're gonna be partitioned cookies and partitioned cookies are not subject to tracking and that's and partition cookies are Just what we need. I think for li tools don't need anything else You know, so it's okay that the cookies just live within the time of the frame So I'd say if I would look at cheap proposal and how it progresses on the browser space For that, so I think there is light in the tunnel, but we're in the rough spot right now But I think if we get better Yeah There is one open chair over here if someone by the door wants to come over We have any other questions If we don't I have a question for everybody Hi, thank you so much for the presentation. That was very insightful. So one question that I have is For instance, if I have a custom LTE content provider that I'm programming and I would like to supply LTE deep linking support and try to have a custom GUI for example also implementing another layer of Let's just say filtering for example for content Is this something that I could basically build on top of lte advantage? Or how does that work because what you showed when you showed off the deep linking at which I'm not so familiar with I would like to maybe have like a GUI that supports Very sophisticated filtering mechanics. Is that possible? Well, once you're in your tool, then your tool is your limit, right? So like typically here when you learn in your tool We could see it's like possibly in the future Cengage would would allow you to do a point search and say I want any kind of content that that refers to american war It's like american war. It says the chapter is a question a quiz shows up in the search And you say I want this this and this and that I sometimes already do that actually and it's built in this in this Period. So really the contract is you go there Something happens and it returns a bunch of lte links definition So what happens there can be just a picker Or a search and actually reduce search part of it. I just keep it there Can be creation. So it's really up to you. You cannot change it in Moodle But what you can once you're in your tool Use the selection you want So yeah, okay. So by using Moodle as a provider, for example, that would probably not work as easily I would Build a tool from scratch basically if you use Moodle as a provider Yeah, because yes That's something here is that there is two facets in the in the lti house in Moodle There is Moodle as a learning platform where you go and you launch a tool But there is also it's a bit I like to see that like russian dolls Because you can go into another learning management system Which is going to now launch into Moodle and Moodle is going to act as a tool now And that's the other side of the house, which is a tool provider house where Moodle is now acting as a learning platform tool That's embedded into another Moodle or something else blackboard whatever and in those cases What are the capabilities are going to be some kind of subset of the capabilities of Moodle and there I would ask Jake not me Jake Jake is the guy a Jake denimer Is the one do mostly engage with the lti as a provider But that's also insightful because if you want to build coursewares you build your courses and all of that But you want to distribute that to a bunch of universities and you can host your courseware in Moodle And have then use Moodle as an lti plug in and plug in plug your courseware in multiple lti and then through that then Moodle is going to act now as a courseware platform more So which itself can do lti lunchies So that's why I mean solution those because your lunch lti to Moodle Moodle lunch lti somewhere the greats go back here and the greats go back So yeah, I'm curious how many people in the room are already using lti on your Moodle sites And how many knew that Moodle could be an lti provider It's elsewhere and is anybody using that function? So you know it can but you're not Okay, I was just curious