[Building Sakai] basic lti and sakai session id
John Bush
john.bush at rsmart.com
Wed Sep 21 09:26:17 PDT 2011
I'm creating a basic lti producer which works create. But now I want
to make web service call back to sakai and need a session id. I can
see sakai encrypts the sessionId and sends it over in the payload.
The issues is that this uses the some LinkTool code to encrypt, which
relies on the sakai.rutgers.linktool.privkey and
sakai.rutgers.linktool.salt files in sakai. This mean in order to
decrypt the session id on my side I need these two files.
I think this was done to be backwards capatible with the linktool.
But since basic lti has its own secret wouldn't it be better to use
that, so there isn't an additional key needed? Is there a reason we
couldn't either make a switch to decide how to encrypt this, or send a
different session_id in the payload encrypted using the basic lti
secret key?
--
John Bush
602-490-0470
More information about the sakai-dev
mailing list