Prerequisites Two sites are required for testing this feature and they must be able to communicate with one another. You'll also need to be able to change files on the platform site, to simulate the kind of JWKS we're aiming to target with the patch here. LTI platform (formerly known as consumer) LTI tool (formerly known as provider). Important : If you're testing locally, you'll need to disable the 'Blocked hosts' setting in BOTH sites. You can find it in Site administration ► Security ► HTTP security. You'll need to clear the values and save. In the tool site, create a course with: One assignment One file resource Enrol a teacher t1 in the course In the platform site, create a course Enrol two teachers: t1 and t2 Enrol one student, s1 Enable the 'Publish as LTI tool' feature in the 'tool' site Log in to the tool site as an administrator. Follow Site administration ► Security ► HTTP security and enable 'Allow frame embedding'. Follow Site administration ► Plugins ► Authentication ► Manage authentication' and enable the 'LTI' authentication plugin. Follow Site administration ► Plugins ► Enrolments ► Manage enrol plugins and enable 'Publish as LTI tool'. Register the tool and platform Log in to the tool site as an admin user Follow Site administration ► Plugins ► Enrolments ► Publish as LTI tool ► Tool registration Click "Register a platform" Enter "Moodle LMS" when prompted for a name and click "Continue" When you see the tool details on the next screen, copy the registration URL to clipboard using the icon next to the URL Now, in a separate browser tab, log in to the platform site as an administrator Follow Site administration ► Plugins ► Activity modules ► External tool ► Manage tools Paste the registration URL into the "Tool URL..." field and press "Add LTI Advantage" When the page reloads and you see the tool card in the list of tools, click to edit the settings of the tool Make sure the following are set: Set "Tool configuration usage" to "Show in activity chooser and as a preconfigured tool" Expand "Privacy" and set "Share launcher's name with tool" to "Delegate to teacher" Again in "Privacy", set "Share launcher's email with tool" to "Delegate to teacher" Set the name of the tool to "QA test tool" and save the tool configuration Click "Activate" on the tool card. Publish a course, activity and resource on the tool site Log in to the tool site as the teacher t1 Visit the course Follow Course administration ► Published as LTI tools Make sure you're on the LTI Advantage tab Add a new instance, setting 'Tool to be published' to the course. Add a new instance, setting 'Tool to be published' to the assignment Add a new instance, setting 'Tool to be published' selected to the file resource. Verify you now have 3 published items Log out of the tool site now. On the platform site Log in as teacher t1 and visit the course. Click to add an activity or resource Select "QA test tool" from the activity chooser On the activity edit view, click "Select content" Verify you see the list of published activities Now edit the method mod/lti/classes/local/ltiopenid/jwks_helper::get_jwks(), setting the line as follows (commented out): //$jwk['alg'] = 'RS256'; Save the file. Click 'Select content' again. Verify you can see the list of published activities. Now edit the method get_jwks() again, setting the line as follows: $jwk[ 'alg' ] = 'RS512' ; Save the file. Click 'Select content' again. Verify you now see an error - "Incorrect key for this algorithm" Now edit the method get_jwks() again, setting the two lines as follows: $jwk[ 'kty' ] = 'EC' ; //$jwk['alg'] = 'RS512'; Save the file. Click 'Select content' again. Verify you now see an error - "Alg specified in the JWT header is incompatible with the JWK key type" After the test Make sure to revert your changes. git reset --hard origin/master