LTI's /ltitools endpoint doesn't recoginize OAuth'd user in 2.1x

Steps to reproduce

Steps to reproduce:
1. O'authenticate on /lti endpoint
2. Be redirected to /ltitools path (Static servlet defined in lti-module's pom)
3. Attempt to POST via the /ltitools path

Actual Results: Receive 403 unauthorized

Expected Results: /ltitools endpoint has access to oath'd user and allows the POST.

Workaround (if any): none


Stephen Marquard
July 9, 2017, 11:58 AM

Not quite sure the underlying cause here, but LTI operation tested and confirmed for 3.0 including the default URL.

June 7, 2017, 5:30 PM

It this now fixed?

Former user
February 25, 2016, 1:29 PM

Stephen, thanks. I wonder if the issue is actually that the static /ltitools pages are trying to POST to other matterhorn endpoints, and the other endpoints do not recognize the Oauth'd user. Edmore seems to have a working LTI environment and may be able to clarify the issue.

Stephen Marquard
February 25, 2016, 1:23 PM

Not sure if I'm missing something, but AFAIK (certainly in 1.6.x) /ltitools/ is just static content (custom UI for LTI users) so there's no need to POST there - it's all GETs.

Fixed and reviewed




Former user


Non Functioning