LTI's /ltitools endpoint doesn't recoginize OAuth'd user in 2.1x
Steps to reproduce
Steps to reproduce:
1. O'authenticate on /lti endpoint
2. Be redirected to /ltitools path (Static servlet defined in lti-module's pom)
3. Attempt to POST via the /ltitools path
Actual Results: Receive 403 unauthorized
Expected Results: /ltitools endpoint has access to oath'd user and allows the POST.
Workaround (if any): none
Not quite sure the underlying cause here, but LTI operation tested and confirmed for 3.0 including the default URL.
It this now fixed?
Stephen, thanks. I wonder if the issue is actually that the static /ltitools pages are trying to POST to other matterhorn endpoints, and the other endpoints do not recognize the Oauth'd user. Edmore seems to have a working LTI environment and may be able to clarify the issue.
Not sure if I'm missing something, but AFAIK (certainly in 1.6.x) /ltitools/ is just static content (custom UI for LTI users) so there's no need to POST there - it's all GETs.