Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better LTI passport management #2185

Open
sampaccoud opened this issue Apr 14, 2023 · 0 comments
Open

Better LTI passport management #2185

sampaccoud opened this issue Apr 14, 2023 · 0 comments

Comments

@sampaccoud
Copy link
Contributor

sampaccoud commented Apr 14, 2023

Feature Request

Is your feature request related to a problem or unsupported use case? Please describe.
We have more and more LTI passport to open and manage which is becoming complicated manually.

Describe the solution you'd like
When creating a passport we want to be able to transmit it SECURELY to our contact in 1-click:

  • Add a contact email on each LTI passport instance to know who to contact
  • Add a button or action on the admin of LTI passports to send the credential to the contact:
    • click on the "send credentials" action
    • record a token in redis e.g "a4f8......db88" expiring after a few hours (configurable?)
    • accessing the url https://marsha.education/passpport/a4f8......db88 within the expiration period should display the LTI secret and delete the token from Redis so that the link can never be accessed a second time
    • send an email to the contact containing in the body of the email :
      • the oauth consumer key
      • the temporary link to the secret
      • some explanations and a link to the detailed documentation

Describe alternatives you've considered
Alternatively, let the administrator of an organization manage his.er consumer sites and passports directly from the standalone site.

We should think of encrypting the content of the secret field of the LTI passport in database.

Discovery, Documentation, Adoption, Migration Strategy
The support team should have access to the passport object in admin but not see the value of the secret field. They should have access to the button to send the secret to the contact email.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant