Skip to content

Instantly share code, notes, and snippets.

@matthanger

matthanger/blti-launch.php

Last active May 5, 2025 20:36
Show Gist options
  • Save matthanger/1171921 to your computer and use it in GitHub Desktop.
Save matthanger/1171921 to your computer and use it in GitHub Desktop.
Download ZIP
Sample code for Basic LTI Consumer in PHP
Raw
blti-launch.php
<?php
# ------------------------------
# START CONFIGURATION SECTION
#
$launch_url = "https://lti.tools/test/tp.php";
$key = "12345";
$secret = "secret";
$launch_data = array(
"user_id" => "292832126",
"roles" => "Instructor",
"resource_link_id" => "120988f929-274612",
"resource_link_title" => "Weekly Blog",
"resource_link_description" => "A weekly blog.",
"lis_person_name_full" => "Jane Q. Public",
"lis_person_name_family" => "Public",
"lis_person_name_given" => "Given",
"lis_person_contact_email_primary" => "[email protected]",
"lis_person_sourcedid" => "school.edu:user",
"context_id" => "456434513",
"context_title" => "Design of Personal Environments",
"context_label" => "SI182",
"tool_consumer_instance_guid" => "lmsng.school.edu",
"tool_consumer_instance_description" => "University of School (LMSng)"
);
#
# END OF CONFIGURATION SECTION
# ------------------------------
$now = new DateTime();
$launch_data["lti_version"] = "LTI-1p0";
$launch_data["lti_message_type"] = "basic-lti-launch-request";
# Basic LTI uses OAuth to sign requests
# OAuth Core 1.0 spec: http://oauth.net/core/1.0/
$launch_data["oauth_callback"] = "about:blank";
$launch_data["oauth_consumer_key"] = $key;
$launch_data["oauth_version"] = "1.0";
$launch_data["oauth_nonce"] = uniqid('', true);
$launch_data["oauth_timestamp"] = $now->getTimestamp();
$launch_data["oauth_signature_method"] = "HMAC-SHA1";
# In OAuth, request parameters must be sorted by name
$launch_data_keys = array_keys($launch_data);
sort($launch_data_keys);
$launch_params = array();
foreach ($launch_data_keys as $key) {
array_push($launch_params, $key . "=" . rawurlencode($launch_data[$key]));
}
$base_string = "POST&" . urlencode($launch_url) . "&" . rawurlencode(implode("&", $launch_params));
$secret = urlencode($secret) . "&";
$signature = base64_encode(hash_hmac("sha1", $base_string, $secret, true));
?>
<html>
<head></head>
<!-- <body onload="document.ltiLaunchForm.submit();"> -->
<body>
<form id="ltiLaunchForm" name="ltiLaunchForm" method="POST" action="<?php printf($launch_url); ?>">
<?php foreach ($launch_data as $k => $v ) { ?>
<input type="hidden" name="<?php echo $k ?>" value="<?php echo $v ?>">
<?php } ?>
<input type="hidden" name="oauth_signature" value="<?php echo $signature ?>">
<button type="submit">Launch</button>
</form>
<body>
</html>
@matthanger
Copy link
Author

More developer support for IMS Basic LTI: http://www.imsglobal.org/developers/BLTI/

@jankapunkt
Copy link

Hi, why do you double-encode the launch params on line 53 and line 56?

@rschrenk
Copy link

rschrenk commented Feb 16, 2017
edited
Loading

Hi, I tried to implement this Script but I only get an error by Moodle (this is used as LTI Provider): Invalid signature ours= Gi32FwbHmUJVnMuP/QR3isXRMWA= yours=9nAEE7fPnF/9T657HiRis6PmVqU=

What can I do?

@dennie170
Copy link

I have exactly the same problem as @rschrenk.

@t-schroeder
Copy link

t-schroeder commented Jul 3, 2017
edited
Loading

I got a signature mismatch aswell. I found the reason for it:

From https://www.imsglobal.org/specs/ltiv1p0/implementation-guide#toc-21:

Notice that all of the POST values, including the submit button, are included in the base string (i.e., the string signed by OAuth).

Just add "submit" => "Launch" to the end of $launch_data.

@jobercavalcante
Copy link

How can I get info from the LTI provider?

@matthanger
Copy link
Author

Hi all, this gist is pretty old at this point. You may want to look elsewhere, or at the LTI Implementation Guide: http://www.imsglobal.org/specs/ltiv1p1/implementation-guide

Here are other resources that might be useful:

@yousufttp
Copy link

I got a signature mismatch aswell. I found the reason for it:

From https://www.imsglobal.org/specs/ltiv1p0/implementation-guide#toc-21:

Notice that all of the POST values, including the submit button, are included in the base string (i.e., the string signed by OAuth).

Just add "submit" => "Launch" to the end of $launch_data.

this doesn't seems to resolve the issue, can some one tell me the fix please, am looking for a LTI consumer only

@yousufttp
Copy link

@matthanger pls review this

@yousufttp
Copy link

I was able to fix the issue, the issue I see is invalid signature, because I have added param in lunch url

@praveenshu
Copy link

@yousufttp can you please let me know how you fixed the issue .

@khalilalquraan
Copy link

Thank you very much, it is working

@saravanaprasanth28
Copy link

How can I get a response from the LTI provider?

@KalanaPerera
Copy link

if you're getting LTI request from different source make sure to unset param

unset($launch_data['oauth_signature'])

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment