LTI SSO (Single Sign-On) workflow using "lms/lti" gem

I’m building an education app and need the ability to SSO into

I’m currently using the LTI framework which is based on Oauth. It allows User Identity data to be passed back and forth as well as other data such grades, etc.

The key/secret are hard coded into source code, therefore currently I do not need to be able to give a key and a secret to a school but would like to add this ability later on.

LTI will pass the key and secret along with student attributes to my endpoint. I need to be able to authenticate them and then extract the attributes from the post. LTI uses oauth to authenticate.

LTI provides a consumer tool to test the endpoints, I’ve installed and successfully autheticated using the consumer tool, however I’m not sure how to set this up in my rails app. Is there a Railzzy (convention) way of setting up this workflow?

What I’ve done so far:

I’ve added the “lti/lms” to my gemfile
Generated an SSO controller
Defined a sso_signin method
Added a route to match the sso#sign_in controller/action

Not sure if this is correct, is there a better way of solving for this?

I implemented LTI launch requests as a custom Devise authentication strategy. That provided a very Rails-y configuration experience when I was done. I merely needed to add devise :lti_authenticatable to my User model and created a new controller that only needed to subclass Devise’s SessionsController. If you’re using Devise, I would be happy to talk about the design.

I tried about a year ago to extract this strategy out into a gem, but failed. There were lots of dependencies to disentangle – the mapping of LTI roles to your own app’s, a model for the LTI consumers (you’re a tool provider in LTI-speak, right?), the need for the launch request to know about how you store your schools and classes – that it didn’t seem worth the effort. I could give it another go if you’re interested.

Hey Jerry - I am using Devise just to confirm. In my particular case I believe I may just be replacing as the tool provider since I’m essentially using their consumer and key, I’ve made some progress recently on my end however I think I might be over-analyzing the design portion. I’d love to chat about when you have time.

@huskynation did you ever end up figuring this out? Would love to hear more about your solution if so