When handling a new launch, the new initialize() method should be used instead of the previous validate() method. The validate method no longer accepts arguments, and requires that the request be set on the message launch object first (which happens in initialize()). This fixes some separation-of-concern issues with the validate() method, and allows for seamless integration of LTI 1.1 to 1.3 migrations if enabled.
// instead of doing this:
$message->validate($request);
// you should do this:
$message->initialize($request);HIGH LIKELIHOOD OF IMPACT: Changed how the OIDC Login URL is retrieved, deprecated the Redirect object
When redirecting to the OIDC Login URL, the Packback\Lti1p3\LtiOidcLogin::getOidcLoginUrl() method should be used to retrieve the URL. Your application should use this to build the redirect response in whatever way is appropriate for your framework. This replaces Packback\Lti1p3\LtiOidcLogin::doOidcLoginRedirect(), which returned a Redirect object. See: #116
// instead of doing this:
$redirect = $oidLogin->doOidcLoginRedirect($launchUrl, $request);
return redirect($redirect->getRedirectUrl());
// you should do this:
return redirect($oidLogin->getRedirectUrl($launchUrl, $request));All arguments and returns are now strictly typed. This includes interfaces that require custom implementations. Notable changes:
Packback\Lti1p3\Interfaces\ICookie
setCookie(string $name, string $value, int $exp = 3600, array $options = []): void;
Packback\Lti1p3\Interfaces\IDatabase
findRegistrationByIssuer(string $iss, ?string $clientId = null): ?ILtiRegistration;
findDeployment(string $iss, string $deploymentId, ?string $clientId = null): ?ILtiDeployment;
Packback\Lti1p3\Interfaces\IMigrationDatabase
migrateFromLti1p1(LtiMessageLaunch $launch): ?ILtiDeployment;This library now requires PHP 8 and firebase/php-jwt 6.
Objects named DeepLinkResource* have been moved to their own namespace: Packback\Lti1p3\DeepLinkResources. The following classes have been moved:
Packback\Lti1p3\DeepLinkResourceDateTimeIntervalis nowPackback\Lti1p3\DeepLinkResources\DateTimeIntervalPackback\Lti1p3\DeepLinkResourceIconis nowPackback\Lti1p3\DeepLinkResources\IconPackback\Lti1p3\DeepLinkResourceIframeis nowPackback\Lti1p3\DeepLinkResources\IframePackback\Lti1p3\DeepLinkResourceis nowPackback\Lti1p3\DeepLinkResources\ResourcePackback\Lti1p3\DeepLinkResourceWindowis nowPackback\Lti1p3\DeepLinkResources\Window
To make the interface consistent with other deep link resources, src is now the first argument in the constructor:
class Iframe
{
public function __construct(
private ?string $src = null,
private ?int $width = null,
private ?int $height = null
) {
}
}Everything in the Packback\Lti1p3\ImsStorage namespace has been removed, specifically the Packback\Lti1p3\ImsStorage\ImsCache and Packback\Lti1p3\ImsStorage\ImsCookie. If you were using these classes, you will need to implement your own custom storage services. See the Laravel Implementation Guide for an example.
The following classes have been removed:
Packback\Lti1p3\ImsStorage\ImsCachePackback\Lti1p3\ImsStorage\ImsCookiePackback\Lti1p3\Redirect
The following methods have been removed:
Packback\Lti1p3\JwksEndpoint::outputJwks()- usegetPublicJwks()to build your own outputPackback\Lti1p3\LtiDeepLink::outputResponseForm()- usegetResponseJwt()to build your own outputPackback\Lti1p3\LtiDeepLinkResources\Resource::getTarget()- consider usinggetIframe()orgetWindow()insteadPackback\Lti1p3\LtiDeepLinkResources\Resource::setTarget()- consider usingsetIframe()orsetWindow()insteadPackback\Lti1p3\Redirect::doHybridRedirect()Packback\Lti1p3\Redirect::getRedirectUrl()
- When instantiating
LtiMessageLaunch,LtiOidcLogin,LtiDeploymentandLtiServiceConnectorobjects, all arguments are required now (instead of some being optional). Lti1p1KeymethodssetKey()andsetSecret()accept strings instead of arrays.LtiServiceConnector::setDebuggingMode()now returns self instead of void.
No breaking changes were introduced. However, going forward when processing a LtiOidcLogin, it is recommended to use the new getRedirectUrl() method:
// Do this:
$redirect = $oidcLogin->getRedirectUrl($launchUrl, $request);
// Then do the redirect yourself (Laravel):
return redirect($redirect);
// Or some other method
header('Location: '.$this->location, true, 302);
exit;
// Instead of the old method:
$redirect = $oidcLogin->doOidcLoginRedirect($launchUrl, $request);
$redirect->doRedirect();The LtiOidcLogin::doOidcLoginRedirect() method and Redirect object will be deprecated in the next major version.
No breaking changes were introduced. However, going forward when processing a LtiMessageLaunch, it is recommended to do $message->initialize($request); instead of the previous $message->validate($request); to support potential migrations.
Version 5.0 introduced changes to the Packback\Lti1p3\Interfaces\ICache interface.
- The method
checkNonce()was renamed tocheckNonceIsValid(). - A second required argument (
$state) was added to thecacheNonce()andcheckNonceIsValid()methods. - Stricter typing was introduced for several methods:
getLaunchData,cacheLaunchData,cacheNonce,cacheAccessToken,getAccessToken, andclearAccessToken.
Stricter typing was added to methods on several interfaces.
- On
ICachethe following methods are now more strictly typed:getLaunchData,cacheLaunchData,cacheNonce,cacheAccessToken,getAccessToken, andclearAccessToken. - On
ICookiethe following methods are now more strictly typed:getCookie, andsetCookie.
Arguments and return types are now strictly typed for methods on the cache and cookie interfaces. Custom implementations of these objects should be updated to adhere to the new typing requirements. View the interface definitions for Packback\Lti1p3\Interfaces\ICache and Packback\Lti1p3\Interfaces\ICookie to see specific typing requirements.
Version 4.0 introduced changes to the Packback\Lti1p3\Interfaces\ILtiServiceConnector interface, adding the following methods:
setDebuggingMode()makeRequest()getRequestBody()
Version 3.0 introduced changes to the Packback\Lti1p3\Interfaces\ICache interface, adding one method: clearAccessToken(). This method must be implemented to any custom implementations of the interface. The Laravel Implementation Guide contains an example.
The Packback\Lti1p3\LtiServiceConnector now uses Guzzle instead of curl to make requests. This puts control of this client and its configuration in the hands of the developer. The section below contains information on implementing this change.
The implementation of the Packback\Lti1p3\LtiServiceConnector changed to act as a general API Client for the various LTI service (Assignment Grades, Names Roles Provisioning, etc.) Specifically, the constructor for the following classes now accept different arguments:
LtiAssignmentGradesServiceLtiCourseGroupsServiceLtiNamesRolesProvisioningServiceLtiServiceConnector
The LtiServiceConnector now only accepts an ICache and GuzzleHttp\Client, and does not need an ILtiRegistration. The Laravel Implementation Guide contains an example of how to implement the service connector and configure the client.
The other LTI services now accept an ILtiServiceConnector, ILtiRegistration, and $serviceData (the registration was added as a new argument since it is no longer required for the LtiServiceConnector).
A standard naming convention was implemented for interfaces: Packback\Lti1p3\Interfaces\IObject. Any implementations of these interfaces should be renamed:
CachetoICacheCookietoICookieDatabasetoIDatabaseLtiRegistrationInterfacetoILtiRegistrationLtiServiceConnectorInterfacetoILtiServiceConnectorMessageValidatortoIMessageValidator
Version 2.0 introduced changes to the Packback\Lti1p3\Interfaces\ICache interface, adding two new methods: cacheAccessToken() and getAccessToken(). These methods must be implemented to any custom implementations of the interface. The Laravel Implementation Guide contains an example.