Assignments and Grades integration in Moodle LMS - LTI 1.3 (With client_credentials base OAuth 2.0)


Moodle is the world’s most popular and most used learning management system. It’s easy to see why, the Moodle Learning Management System (LMS) is a flexible, open-source, and free to download learning management solution.

This article describes how we need to work with moodle APIs in order to manipulate assignments and grades. These details are specific to LTI 1.3 standards and using client credential base OAuth 2.0

In LTI 1.3 flow, the main part is OAuth 2.0. When we work with moodle APIs, it needs to send the access token along with each API call. That means before work with the end-points we have to have the access token with us. This article specifies the client credential base assess token and to get that access token we need an external tool in Moodle LMS. 

Let's see the process step by step....

 This process can be divided into three parts. 
  • Create an external tool in Moodle. 
  • Generate access token.
  • Manipulate assignments and grade APIs. 
1) Create an external tool in Moodle. 

As I mentioned earlier, to work with Moodle APIs we need an access token. For generating that access token there should be an external tool in Moodle LMS. After creating the external tool, moodle will provide a Client ID. In addition to that we need to provide a public key when we are creating the external tool, for decrypting the data that has been sent in order to get the token. It needs to send some details as a JWT with signed by our private key. Then moodle will decrypt the data by using the public key that we have provided. 

Let's see how to create an LTI 1.3 external tool in Moodle. 
  1. Login as an Admin to Moodle.
  2. Click on Site Administration> Plugins> External tool> Manage tools
  3. Click on "configure a tool manually" option.
  4. Enter below:
    - Tool name
    - Tool URL
    - LTI version: Select LTI 1.3
    - Public Key
    - Initiate login URL
    - Redirection URI(s)
    - Tool configuration usage: Default launch container
  5. Click on "Save changes" button
  6. The tool will appear in the Tools list
  7. Click on the icon of View Configuration details and the details are available there
    • Platform ID
    • Client ID
    • Deployment ID
    • Public keyset URL
    • Access token URL
    • Authentication request URL

Key Points :- 
    
    The public key should be in this format. 

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0B........public_key_string
-----END PUBLIC KEY-----



2) Generate access token.

To work with assignment and grade endpoints, it is essential to have the access token and needs to be sent along with each API call. This article will discuss the way how we can generate the client credential base access token. 

Let's see how to generate client credential base access token. 

The Moodle access token endpoint:- http://<<url_of_moodle_instant>>.com/moodle38/mod/lti/token.php
This endpoint will shows in the external tool details that we have created. 

Content-type :- application/x-www-form-urlencoded

Request body to get access token. 

grant_type : client_credentials
client_assertion_type : urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion : XXXXX... (JWT signed by private key)
scope : https://purl.imsglobal.org/spec/lti-ags/scope/lineitem https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly https://purl.imsglobal.org/spec/lti-ags/scope/score



client_assertion

Client assertion is a JWT(java web token) signed with the private key. This token will decrypt in the moodle side using the public key which has provided when we are creating the external tool. To create this JWT we have to use specific details and signed with the private key. The encryption mechanism is RSA256.

These are the values used to generate the JWT.

{
    "iss": "https://example.com",
    "iat": 1580200798,
    "exp": 1611736798,
    "aud": "http://expample_moodle_instant.com/moodle38/mod/lti/token.php",
    "sub": "10000000001166"
}

iss :- Issuer (Domain of the application which requests the access token) 
iat :-  Token generated time
exp :- Token expiration time
and :- Audience (URL that we use to get the access token) 
sub :- Client ID (client ID provided by the moodle after the external tool creation)

We can use www.jwt.io to generate this JWT manually. 




When we call this API, moodle will decrypt the JWT token and do the validations. If the provided details are valid, Moodle will provide the access token relevant to the client ID and requested scope. Using that access token we can manipulate Moodle assignments and grade endpoints. 


3) Manipulate assignment and grade APIs.

To manipulate assignments and grade APIs it is needed to have the access token given by Moodle. Also, there are specific content-types that are related to IMS standards. This content type is very important to work with the APIs.  


Get Assignment (get lineItem) 

API :- http://<<example-moodle-instant>>.com/moodle38/moodle38/mod/lti/services.php/80028/lineitems/53/lineitem
Method :- GET
Authentication :- Bearer token


Create Assignment (create lineItem) 

API :- http://<<example-moodle-instant>>.com/moodle38/mod/lti/services.php/80028/lineitems?type_id=19
Method :- POST
Content-type :- application/vnd.ims.lis.v2.lineitem+json
Authentication :- Bearer token
Sample body:-

    {
    "id""123",
    "scoreMaximum"100,
    "label""CreateAssignmentTest"
    }

Update Assignment (update lineItem) 

API :- http://<<example-moodle-instant>>.com/moodle38/mod/lti/services.php/80028/lineitems/107/lineitem?type_id=19
Method :- PUT
Content-type :- application/vnd.ims.lis.v2.lineitem+json
Authentication :- Bearer token
Sample body:-

    {
    "id""123",
    "scoreMaximum"150,
    "label""Tesing123",
    "tag""MyTag"
    }


Delete Assignment (delete lineItem) 

API :- http://<<example-moodle-instant>>.com/moodle38/mod/lti/services.php/80028/lineitems/90/lineitem?type_id=19
Method :- DELETE
Authentication :- Bearer token


Grade Sync

API :- http://<<example-moodle-instant>>.com/moodle38/mod/lti/services.php/80037/lineitems/71/lineitem/scores?type_id=19
Method :- PUT
Content-type :- application/vnd.ims.lis.v1.score+json
Authentication :- Bearer token
Sample body:-

    {
    "timestamp": "2020-12-10T18:54:36.736+00:00",
    "scoreGiven": 8,
    "scoreMaximum": 100,
    "comment": "This is exceptional work.",
    "activityProgress": "Completed",
    "gradingProgress": "FullyGraded",
    "userId": "80056"
    }

Get Grade Result  (get lineItem) 

API :- http://<<example-moodle-instant>>.com/moodle38/mod/lti/services.php/80037/lineitems/90/lineitem/results/?type_id=19
Method :- GET
Authentication :- Bearer token

These are the main assignments and grades APIs in Moodle related to LTI 1.3. I hope that, this article will helpful for integrating an application with Moodle LMS. 

Comments

Popular posts from this blog

Cross Site Request Forgery Protection