Skip to content

Core library interfaces

Depending on the top level services you want to use, you have to provide your own implementation of the following interfaces.

Mandatory interfaces

This section present the mandatory interfaces from the library to be implemented to use provided services.

Registration repository interface

Required by: - Message - Service

In order to be able to retrieve your registrations from your configuration storage, you need to provide an implementation of the RegistrationRepositoryInterface.

For example:

<?php

use OAT\Library\Lti1p3Core\Registration\RegistrationInterface;
use OAT\Library\Lti1p3Core\Registration\RegistrationRepositoryInterface;

$registrationRepository = new class implements RegistrationRepositoryInterface
{
   public function find(string $identifier): ?RegistrationInterface
   {
       // TODO: Implement find() method to find a registration by identifier, or null if not found.
   }

   public function findAll(): array
   {
       // TODO: Implement findAll() method to find all available registrations.
   }

   public function findByClientId(string $clientId) : ?RegistrationInterface
   {
       // TODO: Implement findByClientId() method to find a registration by client id, or null if not found.
   }

   public function findByPlatformIssuer(string $issuer, string $clientId = null): ?RegistrationInterface
   {
        // TODO: Implement findByPlatformIssuer() method to find a registration by platform issuer, and client id if provided.
   }

   public function findByToolIssuer(string $issuer, string $clientId = null): ?RegistrationInterface
   {
        // TODO: Implement findByToolIssuer() method to find a registration by tool issuer, and client id if provided.
   }
};
Note: you can find a simple implementation example of this interface in the method createTestRegistrationRepository() of the DomainTestingTrait.

User authenticator interface

Required by: Message

During the OIDC authentication handling on the platform side, you need to define how to delegate the user authentication by providing an implementation of the UserAuthenticatorInterface.

For example:

<?php

use OAT\Library\Lti1p3Core\Registration\RegistrationInterface;
use OAT\Library\Lti1p3Core\Security\User\UserAuthenticatorInterface;
use OAT\Library\Lti1p3Core\Security\User\Result\UserAuthenticationResultInterface;

$userAuthenticator = new class implements UserAuthenticatorInterface
{
   public function authenticate(
       RegistrationInterface $registration,
       string $loginHint
   ): UserAuthenticationResultInterface {
       // TODO: Implement authenticate() method to perform user authentication (ex: session, LDAP, etc)
   }
};
Notes:

  • you can find a simple implementation example of this interface in the method createTestUserAuthenticator() of the SecurityTestingTrait.
  • you can find a ready to use UserAuthenticationResultInterface implementation is available in UserAuthenticationResult

Optional interfaces

This section present the optional interfaces from the library you can implement, but for which a default implementation is already provided.

Nonce repository interface

Default implementation: NonceRepository

In order to be able to store security nonce the way you want, you can provide an implementation of the NonceRepositoryInterface.

For example:

<?php

use OAT\Library\Lti1p3Core\Security\Nonce\NonceInterface;
use OAT\Library\Lti1p3Core\Security\Nonce\NonceRepositoryInterface;

$nonceRepository = new class implements NonceRepositoryInterface
{
    public function find(string $value) : ?NonceInterface
    {
        // TODO: Implement find() method to find a nonce by value, or null if not found.
    }

    public function save(NonceInterface $nonce) : void
    {
        // TODO: Implement save() method to save a nonce (cache, database, etc)
    }
};
Note: the ready to use NonceRepository works with a PSR6 cache.

JWKS fetcher interface

Default implementation: JwksFetcher

In order to be able to fetch public keys JWK from configured JWKS endpoint, you need to provide an implementation of the JwksFetcherInterface.

For example:

<?php

use OAT\Library\Lti1p3Core\Security\Jwks\Fetcher\JwksFetcherInterface;
use OAT\Library\Lti1p3Core\Security\Key\KeyInterface;

$fetcher = new class implements JwksFetcherInterface
{
    public function fetchKey(string $jwksUrl, string $kId) : KeyInterface
    {
        // TODO: Implement fetchKey() method to find a Key via an HTTP call to the $jwksUrl, for the kid $kId.
    }
};
Notes:

  • it is recommended to put in cache the JWKS endpoint responses, to improve performances since they don't change often. Your implementation can then rely on a cache by example.
  • the ready to use JwksFetcher works with a guzzle client to request JWKS data, a PSR6 cache to cache them, and a PSR3 logger to log this process.

LTI platform message launch validator interface

Default implementation: PlatformLaunchValidator

To customise platform message launch validation, an implementation of the PlatformLaunchValidatorInterface can be provided.

LTI tool message launch validator interface

Default implementation: ToolLaunchValidator

To customise tool message launch validation, an implementation of the ToolLaunchValidatorInterface can be provided.

LTI service client interface

Default implementation: LtiServiceClient

In order to send authenticated service calls, an implementation of the LtiServiceClientInterface can be provided.

For example:

<?php

use OAT\Library\Lti1p3Core\Service\Client\LtiServiceClientInterface;
use OAT\Library\Lti1p3Core\Registration\RegistrationInterface;  
use Psr\Http\Message\ResponseInterface;

$client = new class implements LtiServiceClientInterface
{
    public function request(RegistrationInterface $registration, string $method, string $uri, array $options = [], array $scopes = []) : ResponseInterface
    {
        // TODO: Implement request() method to manage authenticated calls to services.
    }
};
Notes:

  • it is recommended to put in cache the service access tokens, to improve performances. Your implementation can then rely on an injected PSR6 cache by example.

LTI service server access token generator interface

Default implementation: AccessTokenResponseGenerator

To customise access token generation, an implementation of the AccessTokenResponseGeneratorInterface can be provided.

LTI service server access token validator interface

Default implementation: RequestAccessTokenValidator

To customise access token validation, an implementation of the RequestAccessTokenValidatorInterface can be provided.

LTI service server client repository interface

Default implementation: ClientRepository

In order to retrieve and validate clients involved in authenticated service calls, an implementation of the ClientRepositoryInterface can be provided.

Notes:

  • the default ClientRepository injects the RegistrationRepositoryInterface to be able to expose your platforms as oauth2 providers and tools as consumers.
  • in case of the consumer tool public key is not given in the registration, it will automatically fallback to a JWKS call.

LTI service server access token repository interface

Default implementation: AccessTokenRepository

In order to store service calls access tokens, an implementation of the AccessTokenRepositoryInterface can be provided.

Note: the default AccessTokenRepository implementation rely on a PSR6 cache to store generated access tokens.

LTI service server scope repository interface

Default implementation: ScopeRepository

In order to retrieve and finalize scopes during grants, an implementation of the ScopeRepositoryInterface can be provided.

Note:

  • the default ScopeRepository will just provide back scopes given at construction.

Id generator interface

Default implementation: IdGenerator

To customise overall id generation, an implementation of the IdGeneratorInterface can be provided.

Note:

  • the default IdGenerator generates UUIDv4.

JWT interface

Default implementation: Token

To customise JWT handling, an implementation of the TokenInterface can be provided.

JWT builder interface

Default implementation: Builder

To customise JWT creation, an implementation of the BuilderInterface can be provided.

JWT parser interface

Default implementation: Parser

To customise JWT parsing, an implementation of the ParserInterface can be provided.

JWT validator interface

Default implementation: Validator

To customise JWT validation, an implementation of the ValidatorInterface can be provided.