Am working on LTI Tool Provider, I have implemented an LTI auth package and am successfully able to get two (..one?) legged OAuth working aka match the signatures and we're all good to redirect, except one important thing.
What I want to be able to do, is
Right now I have no way of actually determining my user once I redirect to a client route.
The LTI Consumer points to my Iron Router server route that looks something like:
Router.route('/lti', { where: 'server' }).post(function() {
provider.valid_request(request, function(error, valid) {
if (valid) {
this.response.writeHead(302, { Location: '/' });
} else {
this.response.writeHead(403);
}
});
return this.response.end();
});
Are there any packages I can use to get this working simply? Can I use something like accounts-base? Do I need to implement my own logic?
Any help or direction is appreciated.
Cheers.
I solved this by implementing a single-use authentication token system, handled by a custom login handler using accounts-base
and the Accounts.registerLoginHandler
method.
Rough auth flow overview:
LTI Route (server)
Auth route (client)
Accounts.callLoginMethod
My code is messy, but when I refactor I'll probably open source it as a Meteor package.