-
Bug
-
Resolution: Cannot Reproduce
-
Minor
-
None
-
3.9.6
-
None
-
MOODLE_39_STABLE
My LTI 1.3 is a deep link embed application and is not using cookies.
In chrome incognito mode with third party cookies disabled it's working, same in Firefox, It's working too with Safari with other LMS, but with Moodle and Safari combination is not working.
Enabling permission to third party cookies in Safari It's working, but I needn't it because i have not cookies in my tool.
This is the flow:
From /mod/lti/contentitem.php go to my tool login.
After do a login in my LTI application go to /mod/lti/auth.php.
and this page return to my tool with this parameters:
/mod/lti/auth.php?login_hint=135<i_message_hint=0&scope=openid&response_type=id_token<i_deployment_id=11&redirect_uri=https://myurl&state=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&nonce=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&prompt=none&client_id=XXXXXXXXXXXXXXX&response_mode=form_post
In Chrome and Safari for example It's using the same parameters in the url, but safari with third party cookies disabled it's returning:
error: invalid_request
state: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
And with Firefox and Chrome Incognito mode with third party cookies disabled is returning:
id_token: my_long_jwt
state: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Having not a error description I suspect it could be this checks from auth.php file:
!empty($scope) && !empty($responsetype) && !empty($clientid) && !empty($redirecturi) && !empty($loginhint) && !empty($nonce) && !empty($SESSION->lti_message_hint); |
Can be the last check from $SESSION and having problems to check it from this iframe in Safari with third party cookies disabled?
