@hackage lti130.1.2.1

Core functionality for LTI 1.3.

lti13

This is a minimal implementation of LTI 1.3 authentication for Haskell. It supports performing LTI launches and getting most of the interesting fields of the resource link request.

This library is intended to be used in developing integrations with web frameworks, although it can be used directly. A sample integration is yesod-auth-lti13.

Correct usage

Client code is expected to maintain a CSRF token, the state parameter, in session storage and check it is the same as the one from handleAuthResponse, failing authentication if it is not. Future versions of the library may introduce a mandatory callback to ensure clients do this. For an example of this, see the yesod-auth-lti13 sources.