lti-tool Documentation
    Preparing search index...

    Class LTITool

    Main LTI 1.3 Tool implementation providing secure authentication, launch verification, and LTI Advantage services integration.

    const ltiTool = new LTITool({
      stateSecret: new TextEncoder().encode('your-secret'),
      keyPair: await generateKeyPair('RS256'),
      storage: new MemoryStorage()
    });

    // Handle login initiation
    const authUrl = await ltiTool.handleLogin({
      client_id: 'your-client-id',
      iss: 'https://platform.example.com',
      launchUrl: 'https://yourtool.com/lti/launch',
      login_hint: 'user123',
      target_link_uri: 'https://yourtool.com/content',
      lti_deployment_id: 'deployment123'
    });
    Index

    Constructors

    constructor

    Methods

    addClient addDeployment completeDynamicRegistration createDeepLinkingResponse createLineItem createSession deleteClient deleteDeployment deleteLineItem deleteRegistrationSession fetchPlatformConfiguration getClientById getDeployment getJWKS getLineItem getMembers getRegistrationSession getScores getSession handleLogin initiateDynamicRegistration listClients listDeployments listLineItems setRegistrationSession submitScore updateClient updateDeployment updateLineItem verifyLaunch

    Constructors

    Methods

    • Adds a new LTI client platform configuration.

      Parameters

      • client: Omit<LTIClient, "id" | "deployments">

        Client configuration (ID will be auto-generated)

      Returns Promise<string>

      The generated client ID

    • Adds a new deployment to an existing client.

      Parameters

      • clientId: string

        Client identifier

      • deployment: Omit<LTIDeployment, "id">

        Deployment configuration to add

      Returns Promise<string>

      The generated deployment ID

    • Completes LTI 1.3 dynamic registration by processing form submission and storing client configuration. Validates session, registers with platform, stores client/deployment data, and returns success page.

      Parameters

      • dynamicRegistrationForm: {
            services?: (
                "ags"
                | "nrps"
                | "deep_linking"
                | "tool_settings"
                | "basic_outcome"
            )[];
            sessionToken: string;
        }

        Validated form data containing selected services and session token

      Returns Promise<string>

      HTML success page with registration details and close button

      When dynamic registration service is not configured or registration process fails

    • Creates a Deep Linking response with selected content items. Generates a signed JWT and returns HTML form that auto-submits to the platform.

      Parameters

      • session: LTISession

        Active LTI session containing Deep Linking configuration

      • contentItems: (
            | {
                available?: { endDateTime?: string; startDateTime?: string };
                custom?: Record<string, string>;
                icon?: { height?: number; url: string; width?: number };
                lineItem?: {
                    label: string;
                    resourceId?: string;
                    scoreMaximum: number;
                    tag?: string;
                };
                submission?: { endDateTime?: string; startDateTime?: string };
                text?: string;
                thumbnail?: { height?: number; url: string; width?: number };
                title?: string;
                type: "ltiResourceLink";
                url?: string;
            }
            | {
                embed?: { html: string };
                icon?: { height?: number; url: string; width?: number };
                iframe?: { height?: number; src: string; width?: number };
                text?: string;
                thumbnail?: { height?: number; url: string; width?: number };
                title?: string;
                type: "link";
                url: string;
                window?: { targetName?: string; windowFeatures?: string };
            }
            | {
                html: string;
                icon?: { height?: number; url: string; width?: number };
                text?: string;
                thumbnail?: { height?: number; url: string; width?: number };
                title?: string;
                type: "html";
            }
            | {
                expiresAt?: string;
                icon?: { height?: number; url: string; width?: number };
                mediaType: string;
                text?: string;
                thumbnail?: { height?: number; url: string; width?: number };
                title?: string;
                type: "file";
                url: string;
            }
            | {
                height?: number;
                icon?: { height?: number; url: string; width?: number };
                text?: string;
                thumbnail?: { height?: number; url: string; width?: number };
                title?: string;
                type: "image";
                url: string;
                width?: number;
            }
        )[]

        Array of content items selected by the user

      Returns Promise<string>

      HTML string containing auto-submit form

      When Deep Linking is not available for the session

      const html = await ltiTool.createDeepLinkingResponse(session, [
        {
          type: 'ltiResourceLink',
          title: 'Quiz 1',
          url: 'https://tool.example.com/quiz/1'
        }
      ]);
      // Render the HTML to return content items to platform

    • Creates a new line item (gradebook column) on the platform using Assignment and Grade Services (AGS).

      Parameters

      • session: LTISession

        Active LTI session containing AGS service endpoints

      • createLineItem: {
            endDateTime?: string;
            label: string;
            resourceId?: string;
            resourceLinkId?: string;
            scoreMaximum: number;
            startDateTime?: string;
            tag?: string;
        }

        Line item data including label, scoreMaximum, and optional metadata

        • OptionalendDateTime?: string

          Optional end date/time for the assignment

        • label: string

          Human-readable label for the line item

        • OptionalresourceId?: string

          Optional resource identifier that this line item is associated with

        • OptionalresourceLinkId?: string

          Optional resource link identifier

        • scoreMaximum: number

          Maximum score possible for this line item

        • OptionalstartDateTime?: string

          Optional start date/time for the assignment

        • Optionaltag?: string

          Optional tag to identify the line item

      Returns Promise<
          {
              endDateTime?: string;
              id: string;
              label: string;
              resourceId?: string;
              resourceLinkId?: string;
              scoreMaximum: number;
              startDateTime?: string;
              tag?: string;
          },
      >

      Created line item with platform-generated ID and validated data

      When AGS is not available, input validation fails, or creation fails

      const newLineItem = await ltiTool.createLineItem(session, {
        label: 'Quiz 1',
        scoreMaximum: 100,
        tag: 'quiz',
        resourceId: 'quiz-001'
      });
      console.log('Created line item:', newLineItem.id);

    • Creates and stores a new LTI session from validated JWT payload.

      Parameters

      • lti13JwtPayload: {
            aud: string | string[];
            email: string;
            exp: number;
            family_name: string;
            given_name: string;
            "https://purl.imsglobal.org/spec/lti-ags/claim/endpoint"?: {
                lineitem?: string;
                lineitems?: string;
                scope: string[];
            };
            "https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings"?: {
                accept_media_types?: string;
                accept_multiple?: boolean;
                accept_presentation_document_targets: string[];
                accept_types: string[];
                auto_create?: boolean;
                data?: string;
                deep_link_return_url: string;
            };
            "https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice"?: {
                context_memberships_url: string;
                service_versions?: string[];
            };
            "https://purl.imsglobal.org/spec/lti/claim/context"?: {
                id: string;
                label?: string;
                title?: string;
            };
            "https://purl.imsglobal.org/spec/lti/claim/custom"?: Record<string, string>;
            "https://purl.imsglobal.org/spec/lti/claim/deployment_id": string;
            "https://purl.imsglobal.org/spec/lti/claim/launch_presentation"?: {
                locale?: string;
                target?: string;
                url?: string;
            };
            "https://purl.imsglobal.org/spec/lti/claim/lis"?: {
                person_sourcedid?: string;
            };
            "https://purl.imsglobal.org/spec/lti/claim/message_type": | "LtiResourceLinkRequest"
            | "LtiDeepLinkingRequest";
            "https://purl.imsglobal.org/spec/lti/claim/resource_link"?: {
                id: string;
                title?: string;
            };
            "https://purl.imsglobal.org/spec/lti/claim/roles"?: string[];
            "https://purl.imsglobal.org/spec/lti/claim/target_link_uri": string;
            "https://purl.imsglobal.org/spec/lti/claim/tool_platform"?: {
                contact_email?: string;
                description?: string;
                guid: string;
                name?: string;
                product_family_code?: string;
                url?: string;
                version?: string;
            };
            "https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0";
            iat: number;
            iss: string;
            name: string;
            nbf?: number;
            nonce: string;
            sub: string;
        }

        Validated LTI 1.3 JWT payload from successful launch

      Returns Promise<LTISession>

      Created session object with user, context, and service information

    • Removes a client configuration and all its deployments.

      Parameters

      • clientId: string

        Unique client identifier

      Returns Promise<void>

    • Removes a deployment from a client.

      Parameters

      • clientId: string

        Client identifier

      • deploymentId: string

        Deployment identifier to remove

      Returns Promise<void>

    • Deletes a line item (gradebook column) from the platform using Assignment and Grade Services (AGS).

      Parameters

      • session: LTISession

        Active LTI session containing AGS service endpoints

      Returns Promise<void>

      When AGS is not available or deletion fails

    • Removes a registration session from storage after completion or expiration. Used for cleanup to prevent session accumulation.

      Parameters

      • sessionId: string

        Unique session identifier to delete

      Returns Promise<void>

    • Fetches and validates the OpenID Connect configuration from an LTI platform during dynamic registration. Validates that the OIDC endpoint and issuer have matching hostnames for security.

      Parameters

      • registrationRequest: { openid_configuration: string; registration_token?: string }

        Registration request containing openid_configuration URL and optional registration_token

      Returns Promise<
          {
              authorization_endpoint: string;
              authorization_server?: string;
              claims_supported: string[];
              "https://purl.imsglobal.org/spec/lti-platform-configuration": {
                  messages_supported: {
                      placements?: string[];
                      type: string;
                      [key: string]: unknown;
                  }[];
                  product_family_code: string;
                  variables?: string[];
                  version: string;
              };
              id_token_signing_alg_values_supported: string[];
              issuer: string;
              jwks_uri: string;
              registration_endpoint: string;
              response_types_supported: string[];
              scopes_supported: string[];
              subject_types_supported: string[];
              token_endpoint: string;
              token_endpoint_auth_methods_supported: string[];
              token_endpoint_auth_signing_alg_values_supported: string[];
              [key: string]: unknown;
          },
      >

      Validated OpenID configuration with platform endpoints and supported features

      When the configuration fetch fails, validation fails, or hostname mismatch detected

      const config = await ltiTool.fetchPlatformConfiguration({
        openid_configuration: 'https://platform.edu/.well-known/openid_configuration',
        registration_token: 'optional-bearer-token'
      });
      console.log('Platform issuer:', config.issuer);

    • Retrieves a specific client configuration by ID.

      Parameters

      • clientId: string

        Unique client identifier

      Returns Promise<LTIClient | undefined>

      Client configuration if found, undefined otherwise

    • Retrieves a specific deployment configuration.

      Parameters

      • clientId: string

        Client identifier

      • deploymentId: string

        Deployment identifier

      Returns Promise<LTIDeployment | undefined>

      Deployment configuration if found, undefined otherwise

    • Generates JSON Web Key Set (JWKS) containing the tool's public key for platform verification.

      Returns Promise<JWKS>

      JWKS object with the tool's public key for JWT signature verification

    • Retrieves a specific line item (gradebook column) from the platform using Assignment and Grade Services (AGS).

      Parameters

      • session: LTISession

        Active LTI session containing AGS service endpoints

      Returns Promise<
          {
              endDateTime?: string;
              id: string;
              label: string;
              resourceId?: string;
              resourceLinkId?: string;
              scoreMaximum: number;
              startDateTime?: string;
              tag?: string;
          },
      >

      Line item data from the platform

      When AGS is not available or request fails

    • Retrieves course/context members using Names and Role Provisioning Services (NRPS).

      Parameters

      • session: LTISession

        Active LTI session containing NRPS service endpoints

      Returns Promise<
          {
              email?: string;
              familyName?: string;
              givenName?: string;
              lisPersonSourcedId?: string;
              middleName?: string;
              name: string;
              picture?: string;
              roles: string[];
              status: string;
              userId: string;
          }[],
      >

      Array of members with clean camelCase properties

      When NRPS is not available or request fails

      const members = await ltiTool.getMembers(session);
      const instructors = members.filter(m =>
        m.roles.some(role => role.includes('Instructor'))
      );

    • Retrieves a registration session by its ID for validation during completion. Returns undefined if the session is not found or has expired.

      Parameters

      • sessionId: string

        Unique session identifier

      Returns Promise<LTIDynamicRegistrationSession | undefined>

      Registration session if found and not expired, undefined otherwise

    • Retrieves all scores for a specific line item from the platform using Assignment and Grade Services (AGS).

      Parameters

      • session: LTISession

        Active LTI session containing AGS service endpoints

      Returns Promise<
          {
              activityProgress?: | "Initialized"
              | "Started"
              | "InProgress"
              | "Submitted"
              | "Completed";
              comment?: string;
              gradingProgress?: | "FullyGraded"
              | "Pending"
              | "PendingManual"
              | "Failed"
              | "NotReady";
              id: string;
              resultMaximum?: number;
              resultScore?: number;
              scoreOf: string;
              timestamp?: string;
              userId: string;
          }[],
      >

      Array of score submissions for the line item

      When AGS is not available or request fails

      const scores = await ltiTool.getScores(session);
      console.log('All scores:', scores.map(s => `${s.userId}: ${s.scoreGiven}`));

    • Retrieves an existing LTI session by session ID.

      Parameters

      • sessionId: string

        Unique session identifier

      Returns Promise<LTISession | undefined>

      Session object if found, undefined otherwise

    • Handles LTI 1.3 login initiation by generating state/nonce and redirecting to platform auth.

      Parameters

      • params: {
            client_id: string;
            iss: string;
            launchUrl: string | URL;
            login_hint: string;
            lti_deployment_id: string;
            lti_message_hint?: string;
            target_link_uri: string;
        }

        Login parameters from the platform

        • client_id: string

          OAuth2 client identifier for this tool

        • iss: string

          Platform issuer URL (identifies the LMS)

        • launchUrl: string | URL

          URL where platform will POST the id_token after auth

        • login_hint: string

          Platform-specific user identifier hint

        • lti_deployment_id: string

          Deployment identifier within the platform

        • Optionallti_message_hint?: string

          Optional platform-specific message context

        • target_link_uri: string

          Final destination URL after successful launch

      Returns Promise<string>

      Authorization URL to redirect user to for authentication

      When platform configuration is not found

    • Initiates LTI 1.3 dynamic registration by fetching platform configuration and generating registration form. Creates a temporary session and returns vendor-specific HTML form for service selection.

      Parameters

      • registrationRequest: { openid_configuration: string; registration_token?: string }

        Registration request containing openid_configuration URL and optional registration_token

      • requestPath: string

        Current request path used to build form action URLs

      Returns Promise<string>

      HTML form for service selection and registration completion

      When dynamic registration service is not configured or platform configuration fails

    • Retrieves all configured LTI client platforms.

      Returns Promise<Omit<LTIClient, "deployments">[]>

      Array of client configurations (without deployment details)

    • Retrieves line items (gradebook columns) from the platform using Assignment and Grade Services (AGS).

      Parameters

      • session: LTISession

        Active LTI session containing AGS service endpoints

      Returns Promise<
          {
              endDateTime?: string;
              id: string;
              label: string;
              resourceId?: string;
              resourceLinkId?: string;
              scoreMaximum: number;
              startDateTime?: string;
              tag?: string;
          }[],
      >

      Array of line items from the platform

      When AGS is not available or request fails

    • Stores a temporary registration session during LTI 1.3 dynamic registration flow. Sessions automatically expire after the configured TTL period.

      Parameters

      • sessionId: string

        Unique session identifier (typically a UUID)

      • session: LTIDynamicRegistrationSession

        Registration session data including platform config and tokens

      Returns Promise<void>

    • Submits a grade score to the platform using Assignment and Grade Services (AGS).

      Parameters

      • session: LTISession

        Active LTI session containing AGS service endpoints

      • score: {
            activityProgress:
                | "Initialized"
                | "Started"
                | "InProgress"
                | "Submitted"
                | "Completed";
            comment?: string;
            gradingProgress: | "FullyGraded"
            | "Pending"
            | "PendingManual"
            | "Failed"
            | "NotReady";
            scoreGiven: number;
            scoreMaximum: number;
            timestamp?: string;
            userId?: string;
        }

        Score submission data including grade value and user ID

        • activityProgress: "Initialized" | "Started" | "InProgress" | "Submitted" | "Completed"

          Student's progress on the activity itself.

          • Initialized: Student has started but not made progress
          • Started: Student has begun working
          • InProgress: Student is actively working
          • Submitted: Student has submitted work for review
          • Completed: Student has finished the activity
        • Optionalcomment?: string

          Optional feedback comment to display to the student

        • gradingProgress: "FullyGraded" | "Pending" | "PendingManual" | "Failed" | "NotReady"

          Instructor's progress on grading the submission.

          • NotReady: Submission not ready for grading
          • Failed: Grading failed due to error
          • Pending: Awaiting automatic grading
          • PendingManual: Awaiting manual grading
          • FullyGraded: Grading is complete
        • scoreGiven: number

          Points awarded to the student (must be non-negative)

        • scoreMaximum: number

          Maximum possible points for this assignment (must be non-negative)

        • Optionaltimestamp?: string

          Timestamp when score was generated (optional - defaults to current time)

        • OptionaluserId?: string

          User ID to submit score for (optional - defaults to session user if not provided)

      Returns Promise<void>

      When AGS is not available or submission fails

    • Updates an existing client configuration.

      Parameters

      • clientId: string

        Unique client identifier

      • client: Partial<Omit<LTIClient, "id" | "deployments">>

        Partial client object with fields to update

      Returns Promise<void>

    • Updates an existing deployment configuration.

      Parameters

      • clientId: string

        Client identifier

      • deploymentId: string

        Deployment identifier

      • deployment: Partial<LTIDeployment>

        Partial deployment object with fields to update

      Returns Promise<void>

    • Updates an existing line item (gradebook column) on the platform using Assignment and Grade Services (AGS).

      Parameters

      • session: LTISession

        Active LTI session containing AGS service endpoints

      • updateLineItem: {
            endDateTime?: string;
            label: string;
            resourceId?: string;
            scoreMaximum: number;
            startDateTime?: string;
            tag?: string;
        }

        Updated line item data including all required fields

        • OptionalendDateTime?: string

          Optional end date/time for the assignment

        • label: string

          Human-readable label for the line item

        • OptionalresourceId?: string

          Optional resource identifier that this line item is associated with

        • scoreMaximum: number

          Maximum score possible for this line item

        • OptionalstartDateTime?: string

          Optional start date/time for the assignment

        • Optionaltag?: string

          Optional tag to identify the line item

      Returns Promise<
          {
              endDateTime?: string;
              id: string;
              label: string;
              resourceId?: string;
              resourceLinkId?: string;
              scoreMaximum: number;
              startDateTime?: string;
              tag?: string;
          },
      >

      Updated line item with validated data from the platform

      When AGS is not available, input validation fails, or update fails

    • Verifies and validates an LTI 1.3 launch by checking JWT signatures, nonces, and claims.

      Performs comprehensive security validation including:

      • JWT signature verification using platform's JWKS
      • State JWT verification to prevent CSRF
      • Nonce validation to prevent replay attacks
      • Client ID and deployment ID verification
      • LTI 1.3 claim structure validation

      Parameters

      • idToken: string

        JWT id_token received from platform after authentication

      • state: string

        State JWT that was generated during login initiation

      Returns Promise<
          {
              aud: string
              | string[];
              email: string;
              exp: number;
              family_name: string;
              given_name: string;
              "https://purl.imsglobal.org/spec/lti-ags/claim/endpoint"?: {
                  lineitem?: string;
                  lineitems?: string;
                  scope: string[];
              };
              "https://purl.imsglobal.org/spec/lti-dl/claim/deep_linking_settings"?: {
                  accept_media_types?: string;
                  accept_multiple?: boolean;
                  accept_presentation_document_targets: string[];
                  accept_types: string[];
                  auto_create?: boolean;
                  data?: string;
                  deep_link_return_url: string;
              };
              "https://purl.imsglobal.org/spec/lti-nrps/claim/namesroleservice"?: {
                  context_memberships_url: string;
                  service_versions?: string[];
              };
              "https://purl.imsglobal.org/spec/lti/claim/context"?: {
                  id: string;
                  label?: string;
                  title?: string;
              };
              "https://purl.imsglobal.org/spec/lti/claim/custom"?: Record<
                  string,
                  string,
              >;
              "https://purl.imsglobal.org/spec/lti/claim/deployment_id": string;
              "https://purl.imsglobal.org/spec/lti/claim/launch_presentation"?: {
                  locale?: string;
                  target?: string;
                  url?: string;
              };
              "https://purl.imsglobal.org/spec/lti/claim/lis"?: {
                  person_sourcedid?: string;
              };
              "https://purl.imsglobal.org/spec/lti/claim/message_type": | "LtiResourceLinkRequest"
              | "LtiDeepLinkingRequest";
              "https://purl.imsglobal.org/spec/lti/claim/resource_link"?: {
                  id: string;
                  title?: string;
              };
              "https://purl.imsglobal.org/spec/lti/claim/roles"?: string[];
              "https://purl.imsglobal.org/spec/lti/claim/target_link_uri": string;
              "https://purl.imsglobal.org/spec/lti/claim/tool_platform"?: {
                  contact_email?: string;
                  description?: string;
                  guid: string;
                  name?: string;
                  product_family_code?: string;
                  url?: string;
                  version?: string;
              };
              "https://purl.imsglobal.org/spec/lti/claim/version": "1.3.0";
              iat: number;
              iss: string;
              name: string;
              nbf?: number;
              nonce: string;
              sub: string;
          },
      >

      Validated and parsed LTI 1.3 JWT payload

      When verification fails for security reasons

    Settings

    Member Visibility

    On This Page

    Constructors
    Methods