Skip to content

OAuth login from OpenEDX

After meeting with Udo, it seems that LTI integration is the way to do client-side OAuth authentication with OpenEDX. In openEDX, someone clicks a lick "go to X", and then this will redirect them along with oauth information about them (username, email address, etc.) to QPixel. We then have to catch this response, verify it and sign in as the correct user.

Good news is that there seems to be a ruby library for LTI integrations called ims-lti, and it recently received updates. There are also some tutorials http://splice.cs.vt.edu/lti/tutorials/rails which we could partially follow.

What we have to build is the following:

  • Table just like for SAML where we store/update the anonymous_user_id coming from openEDX (this is the unique id we may need in the future)
  • An LTI_Controller + route for handling the login attempt. This should do verification of LTI message (using library), user creation if not existent or find if already existing, then sign_in with devise.

Udo did mention that ideally we are able to handle an OAuth request which contains only the unique user id from OpenEDX, and then request from the user a name and email address. This will be the linking method which needs to be used in the future, so if we can immediately also support this case that would be very good. (I.e. first sign in means that we don't know this info yet, any subsequent sign in would just match with the openEDX id).