Error HTTP 403 while processing Deep Linking response in LTI 1.3 integration

Marcin.Cieslak82 · November 2022

We are trying to integrate LAMS with Brightspace using LTI 1.3. With existing code we have been successful with other LMSes.

A Deep Linking request gets processed successfully. LAMS displays its content selection screen.

On save Brightspace produces a 403 error. Its logs only say "Error processing deep linking return".

Here is an anonymised request we are getting from Brightspace

----

{

"alg": "RS256",

"kid": "d830e74d-4e7a-47fd-be21-91a5bbe2918d",

"typ": "JWT"

}

{

"nbf": 1654763354,

"exp": 1654765154,

"iss": "https://anonymoustest.brightspace.com",

"aud": "cee1b12b-7a51-4031-b3f3-6290de804df6",

"iat": 1654763354,

"sub": "d3f1105f-7b67-4282-b71a-33f3fdadfa95_2387",

"given_name": "Anonymous",

"family_name": "An",

"name": "Anonymous An,

"email": "Anonymous.An@anonymous.com",

"nonce": "2432ad5c85fc",

"https://purl.imsglobal.org/spec/lti/claim/message_type": "LtiDeepLinkingRequest",

"https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0",

"https://purl.imsglobal.org/spec/lti/claim/deployment_id": "ab6df953-502d-4d0e-aab4-a65a2b880a4c",

"https://purl.imsglobal.org/spec/lti/claim/target_link_uri": "https://anonymous.lamsinternational.com/lams/lti/advantage",

"https://purl.imsglobal.org/spec/lti/claim/roles": [

"http://purl.imsglobal.org/vocab/lis/v2/membership#Learner",

"http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor",

"http://purl.imsglobal.org/vocab/lis/v2/membership#Member",

"http://purl.imsglobal.org/vocab/lis/v2/membership#Mentor",

"http://purl.imsglobal.org/vocab/lis/v2/membership#Administrator",

"http://purl.imsglobal.org/vocab/lis/v2/institution/person#Instructor",

"http://purl.imsglobal.org/vocab/lis/v2/institution/person#Staff"

],

"https://purl.imsglobal.org/spec/lti/claim/context": {

"id": "9052",

"label": "2017 test 1",

"title": "2017 test 1",

"type": [

"http://purl.imsglobal.org/vocab/lis/v2/course#CourseOffering"

]

},

"https://purl.imsglobal.org/spec/lti/claim/lis": {

"course_offering_sourcedid": "anonymoustest.brightspace.com:2017 test 1",

"course_section_sourcedid": "anonymoustest.brightspace.com:2017 test 1"

},

"https://purl.imsglobal.org/spec/lti/claim/launch_presentation": {

"locale": "en-US"

},

"http://www.brightspace.com": {

"tenant_id": "54fe20b5-4e8b-4ad4-a9ba-43985dc84795",

"org_defined_id": "",

"user_id": 2387,

"username": "Anonymous.An",

"Context.id.history": ""

},

"https://purl.imsglobal.org/spec/lti-ags/claim/endpoint": {

"scope": [

"https://purl.imsglobal.org/spec/lti-ags/scope/lineitem",

"https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly",

"https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly",

"https://purl.imsglobal.org/spec/lti-ags/scope/score"

],

"lineitems": "https://anonymoustest.brightspace.com/d2l/api/lti/ags/2.0/deployment/ab6df953-502d-4d0e-aab4-a65a2b880a4c/orgunit/9052/lineitems"

},

"https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings": {

"accept_types": [

"link",

"file",

"ltiResourceLink",

"image"

],

"accept_media_types": "*/*",

"accept_presentation_document_targets": [

"iframe",

"window"

],

"accept_multiple": true,

"auto_create": false,

"deep_link_return_url": "https://anonymoustest.brightspace.com/d2l/lti/dl/content/orgUnitId/9052/linkId/131/parentModuleId/29653/cB5tc3pFZsZlDCZH_r2q1ycSazDE6YfOdGRg6OEfRFU%7e",

"data": "cB5tc3pFZsZlDCZH_r2q1ycSazDE6YfOdGRg6OEfRFU~"

},

"https://purl.imsglobal.org/spec/lti/claim/custom": {

"contexthistory": "",

"usertimezone": "Asia/Dubai"

},

"https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice": {

"context_memberships_url": "https://anonymoustest.brightspace.com/d2l/api/lti/nrps/2.0/deployment/ab6df953-502d-4d0e-aab4-a65a2b880a4c/orgunit/9052/memberships",

"service_versions": [

"2.0"

]

},

"https://purl.imsglobal.org/spec/lti/claim/tool_platform": {

"guid": "54fe20b5-4e8b-4ad4-a9ba-43985dc84795",

"product_family_code": "desire2learn"

}

-----

The response we are sending is

-----

{

"kid": "kid_2022_08_06",

"alg": "RS256"

}

{

"iss": "cee1b12b-7a51-4031-b3f3-6290de804df6",

"aud": "https://anonymoustest.brightspace.com",

"iat": 1654763362,

"exp": 1654763512,

"https://purl.imsglobal.org/spec/lti/claim/message_type": "LtiDeepLinkingResponse",

"https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0",

"https://purl.imsglobal.org/spec/lti/claim/deployment_id": "ab6df953-502d-4d0e-aab4-a65a2b880a4c",

"nonce": "2432ad5c85fc",

"https://purl.imsglobal.org/spec/lti-dl/claim/content_items": [

{

"type": "ltiResourceLink",

"title": "Noticeboard test",

"url": "https://anonymous.lamsinternational.com/lams/lti/advantage",

"custom": {

"learningdesignid": "61",

"grading": "lesson",

"enablelessonintro": "true",

"lessonid": "180"

},

"window": {

"targetName": "LAMS - Noticeboard test",

"with": 1024,

"height": 500,

"windowFeatures": "resizable,scrollbars=yes,status=yes"

},

"lineItem": {

"scoreMaximum": 100,

"label": "Noticeboard test",

"resourceId": "lams_lesson_180",

"tag": "LAMS lesson grade"

},

"iframe": {

"url": "https://anonymous.lamsinternational.com/lams/lti/advantage",

"width": 1024,

"height": 500

}

],

"https://purl.imsglobal.org/spec/lti-dl/claim/data": "cB5tc3pFZsZlDCZH_r2q1ycSazDE6YfOdGRg6OEfRFU~"

}

----

What could be the reason for the error?

Should the audience ("aud") be https://api.brightspace.com/auth/token ?

But here is what the specification says

https://www.imsglobal.org/spec/lti-dl/v2p0#aud

and we follow it.

This thread

https://community.brightspace.com/s/question/0D55W000005wEgZSAU/working-on-developing-13-lti-deep-linking-keep-getting-errors

mentions that Brightspace "wasn't expecting a array of objects, just expecting one ltiResourceLink". But this behaviour would be inconsistent with the specification

https://www.imsglobal.org/spec/lti-dl/v2p0#content-items

which says it should be an array. Is it a bug? Implementing a workaround on our side it not that trivial.

If anyone can help, we will be very thankful.

Error HTTP 403 while processing Deep Linking response in LTI 1.3 integration

Categories