
URL with path redirected incorrectly

Open ChaseIngebritson opened this issue 4 years ago • 5 comments

Describe the bug

If the server's URL includes a path, the LTI incorrectly redirects to a URL that does not include that path after session validation. For example, if my server is hosted at https://api.example.com/prod/ and I access the LTI middleware at https://api.example.com/prod/lti/login and the session validation succeeds, the request is redirected to https://api.example.com/lti without the /prod path, which oftentimes results in an unauthorized error.

Expected behavior

The library should redirect requests in a way that accounts for being hosted at a path instead of just the base domain. For example, https://api.example.com/prod/login should be redirected to https://api.example.com/prod/?ltik= after successful session validation.

Ltijs version

  • Version 5.7.7

NodeJS version

  • Version 12

Platform used

  • Canvas

Additional context

It looks like the line causing this can be found at Provider.js Line 348. Also hopefully this isn't out of scope and I'm not missing a super obvious resolution.

ChaseIngebritson, Jun 17 '21 21:06

Same issue. Any workaround?

josepaiva94, Nov 12 '21 20:11

In my case, I'm passing my API Gateway URL through Route 53 and removing the /prod path used in my example above. So if you have the option, an alias record may help.

ChaseIngebritson, Nov 12 '21 20:11

No, I don't have that option unfortunately.

josepaiva94, Nov 12 '21 20:11

A possible workaround you could do is start the lti server in serverless mode and then mount it on your own express app. This way req.baseUrl should be relative to where lti.app is mounted:

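const express = require("express")
const lti = require("ltijs").Provider

// Route options are relative to wherever lti.app ends up mounted.
lti.setup(
    process.env.LTI_KEY, // encryption key; LTI_KEY is a placeholder variable name
    {/* database config */},
    {
        "appRoute" : "/",
        "loginRoute" : "/login",
        "keysetRoute" : "/keys",
    },
)

const start = async () => {
    // Serverless mode: ltijs builds its Express app but does not listen on a port.
    await lti.deploy({"serverless" : true})

    const app = express()
    // Mount the ltijs app under the path prefix.
    app.use("/prod/lti", lti.app)

    app.listen(3000)
}

start()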

Just be aware that any routes outside of /prod/lti won't get blocked by ltijs if the user isn't authenticated.

georgehb, Nov 19 '21 16:11
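
An added example, not part of the thread and not ltijs source: it contrasts a post-validation redirect built from the origin and appRoute alone (the behaviour reported in the issue) with one that keeps the mount path, and includes a check for the caveat that only paths under the mount point pass through the mounted LTI app. The function names, the `mountPath` parameter (standing in for Express's `req.baseUrl`) and the token value are assumptions made for illustration.

```javascript
// Added illustration, not ltijs source. All function names are hypothetical.

// Collapse duplicate slashes and make sure the path starts with exactly one "/".
function normalizePath(p) {
  return ("/" + p).replace(/\/{2,}/g, "/");
}

// Redirect target built from the origin and appRoute only.
// This mirrors the behaviour the issue reports: any path prefix is lost.
function redirectIgnoringPrefix(origin, appRoute, ltik) {
  const url = new URL(normalizePath(appRoute), origin);
  url.searchParams.set("ltik", ltik);
  return url.toString();
}

// Prefix-aware variant: mountPath plays the role of req.baseUrl in Express,
// i.e. the path the LTI app is mounted on ("" when mounted at the root).
function redirectWithPrefix(origin, mountPath, appRoute, ltik) {
  const url = new URL(normalizePath(mountPath + "/" + appRoute), origin);
  url.searchParams.set("ltik", ltik);
  return url.toString();
}

// Caveat from the thread: only paths under the mount point go through the
// mounted LTI app; everything else needs its own authentication.
function isUnderMount(requestPath, mountPath) {
  const mount = normalizePath(mountPath).replace(/\/$/, "");
  const path = normalizePath(requestPath);
  return mount === "" || path === mount || path.startsWith(mount + "/");
}

const ORIGIN = "https://api.example.com"; // host used in the issue
const LTIK = "constructed-token";         // constructed sample value

console.log(redirectIgnoringPrefix(ORIGIN, "/", LTIK));      // prefix dropped
console.log(redirectWithPrefix(ORIGIN, "/prod", "/", LTIK)); // prefix kept
console.log(isUnderMount("/prod/lti/login", "/prod/lti"));   // covered by the LTI app
console.log(isUnderMount("/prod/admin", "/prod/lti"));       // not covered
```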

Still an issue - definitely a blocker for deploying when doing test/stage/prod. Any solutions?

rPayne-oes, Apr 18 '23 06:04