import type { JWKS } from './interfaces/jwks.js'; import type { LTIClient } from './interfaces/ltiClient.js'; import type { LTIConfig } from './interfaces/ltiConfig.js'; import type { LTIDeployment } from './interfaces/ltiDeployment.js'; import type { LTIDynamicRegistrationSession } from './interfaces/ltiDynamicRegistrationSession.js'; import type { LTISession } from './interfaces/ltiSession.js'; import { type DynamicRegistrationForm, type LTI13JwtPayload, type RegistrationRequest } from './schemas/index.js'; import { type CreateLineItem, type LineItem, type LineItems, type UpdateLineItem } from './schemas/lti13/ags/lineItem.schema.js'; import { type Results } from './schemas/lti13/ags/result.schema.js'; import { type ScoreSubmission } from './schemas/lti13/ags/scoreSubmission.schema.js'; import { type DeepLinkingContentItem } from './schemas/lti13/deepLinking/contentItem.schema.js'; import { type OpenIDConfiguration } from './schemas/lti13/dynamicRegistration/openIDConfiguration.schema.js'; import { type Member } from './schemas/lti13/nrps/contextMembership.schema.js'; import { type AGSGetScoresOptions, type AGSLineItemTargetOptions, type AGSListLineItemsOptions } from './services/ags.service.js'; /** * Main LTI 1.3 Tool implementation providing secure authentication, launch verification, * and LTI Advantage services integration. * * @example * ```typescript * const ltiTool = new LTITool({ * stateSecret: new TextEncoder().encode('your-secret'), * keyPair: await generateKeyPair('RS256'), * storage: new MemoryStorage() * }); * * // Handle login initiation * const authUrl = await ltiTool.handleLogin({ * client_id: 'your-client-id', * iss: 'https://platform.example.com', * launchUrl: 'https://yourtool.com/lti/launch', * login_hint: 'user123', * target_link_uri: 'https://yourtool.com/content', * lti_deployment_id: 'deployment123' * }); * ``` */ export declare class LTITool { private config; /** Cache for JWKS remote key sets to improve performance */ private jwksCache; private verifiedLaunchClientIds; private logger; private tokenService; private agsService; private nrpsService; private deepLinkingService; private dynamicRegistrationService?; /** * Creates a new LTI Tool instance. * * @param config - Configuration object containing secrets, keys, and storage adapter */ constructor(config: LTIConfig); /** * Handles LTI 1.3 login initiation by generating state/nonce and redirecting to platform auth. * * @param params - Login parameters from the platform * @param params.client_id - OAuth2 client identifier for this tool * @param params.iss - Platform issuer URL (identifies the LMS) * @param params.launchUrl - URL where platform will POST the id_token after auth * @param params.login_hint - Platform-specific user identifier hint * @param params.target_link_uri - Final destination URL after successful launch * @param params.lti_deployment_id - Deployment identifier within the platform * @param params.lti_message_hint - Optional platform-specific message context * @returns Authorization URL to redirect user to for authentication * @throws {Error} When platform configuration is not found */ handleLogin(params: { client_id: string; iss: string; launchUrl: URL | string; login_hint: string; target_link_uri: string; lti_deployment_id: string; lti_message_hint?: string; }): Promise; /** * Verifies and validates an LTI 1.3 launch by checking JWT signatures, nonces, and claims. * * Performs comprehensive security validation including: * - JWT signature verification using platform's JWKS * - State JWT verification to prevent CSRF * - Nonce validation to prevent replay attacks * - Client ID and deployment ID verification * - Target link URI binding to the value requested during login initiation * - LTI 1.3 claim structure validation * * @param idToken - JWT id_token received from platform after authentication * @param state - State JWT that was generated during login initiation * @returns Validated and parsed LTI 1.3 JWT payload * @throws {Error} When verification fails for security reasons */ verifyLaunch(idToken: string, state: string): Promise; private getOrCreateJwks; private verifyLaunchState; private verifyLaunchJwtWithCachedJwks; /** * Generates JSON Web Key Set (JWKS) containing the tool's public key for platform verification. * * @returns JWKS object with the tool's public key for JWT signature verification */ getJWKS(): Promise; /** * Creates and stores a new LTI session from validated JWT payload. * * @param lti13JwtPayload - Validated LTI 1.3 JWT payload from successful launch * @param clientId - Verified tool client ID when the JWT has multiple audiences. Required if the payload was not returned directly from verifyLaunch on this LTITool instance. * @returns Created session object with user, context, and service information */ createSession(lti13JwtPayload: LTI13JwtPayload, clientId?: string): Promise; /** * Retrieves an existing LTI session by session ID. * * @param sessionId - Unique session identifier * @returns Session object if found, undefined otherwise */ getSession(sessionId: string): Promise; /** * Submits a grade score to the platform using Assignment and Grade Services (AGS). * * @param session - Active LTI session containing AGS service endpoints * @param score - Score submission data including grade value and user ID * @throws {Error} When AGS is not available or submission fails */ submitScore(session: LTISession, score: ScoreSubmission): Promise; /** * Retrieves all scores for a specific line item from the platform using Assignment and Grade Services (AGS). * * @param session - Active LTI session containing AGS service endpoints * @param options - Optional line item target override and AGS result filters * @returns Array of score submissions for the line item * @throws {Error} When AGS is not available or request fails * * @example * ```typescript * const scores = await ltiTool.getScores(session); * console.log('All scores:', scores.map(s => `${s.userId}: ${s.scoreGiven}`)); * ``` */ getScores(session: LTISession, options?: AGSGetScoresOptions): Promise; /** * Retrieves line items (gradebook columns) from the platform using Assignment and Grade Services (AGS). * * @param session - Active LTI session containing AGS service endpoints * @param options - Optional AGS line item list filters * @returns Array of line items from the platform * @throws {Error} When AGS is not available or request fails */ listLineItems(session: LTISession, options?: AGSListLineItemsOptions): Promise; /** * Retrieves a specific line item (gradebook column) from the platform using Assignment and Grade Services (AGS). * * @param session - Active LTI session containing AGS service endpoints * @returns Line item data from the platform * @throws {Error} When AGS is not available or request fails */ getLineItem(session: LTISession, options?: AGSLineItemTargetOptions): Promise; /** * Creates a new line item (gradebook column) on the platform using Assignment and Grade Services (AGS). * * @param session - Active LTI session containing AGS service endpoints * @param createLineItem - Line item data including label, scoreMaximum, and optional metadata * @returns Created line item with platform-generated ID and validated data * @throws {Error} When AGS is not available, input validation fails, or creation fails * * @example * ```typescript * const newLineItem = await ltiTool.createLineItem(session, { * label: 'Quiz 1', * scoreMaximum: 100, * tag: 'quiz', * resourceId: 'quiz-001' * }); * console.log('Created line item:', newLineItem.id); * ``` */ createLineItem(session: LTISession, createLineItem: CreateLineItem): Promise; /** * Updates an existing line item (gradebook column) on the platform using Assignment and Grade Services (AGS). * * @param session - Active LTI session containing AGS service endpoints * @param updateLineItem - Updated line item data including all required fields * @returns Updated line item with validated data from the platform * @throws {Error} When AGS is not available, input validation fails, or update fails */ updateLineItem(session: LTISession, updateLineItem: UpdateLineItem): Promise; /** * Deletes a line item (gradebook column) from the platform using Assignment and Grade Services (AGS). * * @param session - Active LTI session containing AGS service endpoints * @throws {Error} When AGS is not available or deletion fails */ deleteLineItem(session: LTISession): Promise; /** * Retrieves course/context members using Names and Role Provisioning Services (NRPS). * * @param session - Active LTI session containing NRPS service endpoints * @returns Array of members with clean camelCase properties * @throws {Error} When NRPS is not available or request fails * * @example * ```typescript * const members = await ltiTool.getMembers(session); * const instructors = members.filter(m => * m.roles.some(role => role.includes('Instructor')) * ); * ``` */ getMembers(session: LTISession): Promise; /** * Creates a Deep Linking response with selected content items. * Generates a signed JWT and returns HTML form that auto-submits to the platform. * * @param session - Active LTI session containing Deep Linking configuration * @param contentItems - Array of content items selected by the user * @returns HTML string containing auto-submit form * @throws {Error} When Deep Linking is not available for the session * * @example * ```typescript * const html = await ltiTool.createDeepLinkingResponse(session, [ * { * type: 'ltiResourceLink', * title: 'Quiz 1', * url: 'https://tool.example.com/quiz/1' * } * ]); * // Render the HTML to return content items to platform * ``` */ createDeepLinkingResponse(session: LTISession, contentItems: DeepLinkingContentItem[]): Promise; /** * Fetches and validates the OpenID Connect configuration from an LTI platform during dynamic registration. * Validates that the OIDC endpoint and issuer have matching hostnames for security. * * @param registrationRequest - Registration request containing openid_configuration URL and optional registration_token * @returns Validated OpenID configuration with platform endpoints and supported features * @throws {Error} When the configuration fetch fails, validation fails, or hostname mismatch detected * * @example * ```typescript * const config = await ltiTool.fetchPlatformConfiguration({ * openid_configuration: 'https://platform.edu/.well-known/openid_configuration', * registration_token: 'optional-bearer-token' * }); * console.log('Platform issuer:', config.issuer); * ``` */ fetchPlatformConfiguration(registrationRequest: RegistrationRequest): Promise; /** * Initiates LTI 1.3 dynamic registration by fetching platform configuration and generating registration form. * Creates a temporary session and returns vendor-specific HTML form for service selection. * * @param registrationRequest - Registration request containing openid_configuration URL and optional registration_token * @param requestPath - Current request path used to build form action URLs * @returns HTML form for service selection and registration completion * @throws {Error} When dynamic registration service is not configured or platform configuration fails */ initiateDynamicRegistration(registrationRequest: RegistrationRequest, requestPath: string): Promise; /** * Completes LTI 1.3 dynamic registration by processing form submission and storing client configuration. * Validates session, registers with platform, stores client/deployment data, and returns success page. * * @param dynamicRegistrationForm - Validated form data containing selected services and session token * @returns HTML success page with registration details and close button * @throws {Error} When dynamic registration service is not configured or registration process fails */ completeDynamicRegistration(dynamicRegistrationForm: DynamicRegistrationForm): Promise; /** * Retrieves all configured LTI client platforms. * * @returns Array of client configurations (without deployment details) */ listClients(): Promise[]>; /** * Updates an existing client configuration. * * @param clientId - Unique client identifier * @param client - Partial client object with fields to update */ updateClient(clientId: string, client: Partial>): Promise; /** * Retrieves a specific client configuration by ID. * * @param clientId - Unique client identifier * @returns Client configuration if found, undefined otherwise */ getClientById(clientId: string): Promise; /** * Adds a new LTI client platform configuration. * * @param client - Client configuration (ID will be auto-generated) * @returns The generated client ID */ addClient(client: Omit): Promise; /** * Removes a client configuration and all its deployments. * * @param clientId - Unique client identifier */ deleteClient(clientId: string): Promise; /** * Lists all deployments for a specific client platform. * * @param clientId - Client identifier * @returns Array of deployment configurations for the client */ listDeployments(clientId: string): Promise; /** * Retrieves a specific deployment configuration. * * @param clientId - Client identifier * @param deploymentId - Deployment identifier * @returns Deployment configuration if found, undefined otherwise */ getDeployment(clientId: string, deploymentId: string): Promise; /** * Adds a new deployment to an existing client. * * @param clientId - Client identifier * @param deployment - Deployment configuration to add * @returns The generated deployment ID */ addDeployment(clientId: string, deployment: Omit): Promise; /** * Updates an existing deployment configuration. * * @param clientId - Client identifier * @param deploymentId - Deployment identifier * @param deployment - Partial deployment object with fields to update */ updateDeployment(clientId: string, deploymentId: string, deployment: Partial): Promise; /** * Removes a deployment from a client. * * @param clientId - Client identifier * @param deploymentId - Deployment identifier to remove */ deleteDeployment(clientId: string, deploymentId: string): Promise; /** * Stores a temporary registration session during LTI 1.3 dynamic registration flow. * Sessions automatically expire after the configured TTL period. * * @param sessionId - Unique session identifier (typically a UUID) * @param session - Registration session data including platform config and tokens */ setRegistrationSession(sessionId: string, session: LTIDynamicRegistrationSession): Promise; /** * Retrieves a registration session by its ID for validation during completion. * Returns undefined if the session is not found or has expired. * * @param sessionId - Unique session identifier * @returns Registration session if found and not expired, undefined otherwise */ getRegistrationSession(sessionId: string): Promise; /** * Removes a registration session from storage after completion or expiration. * Used for cleanup to prevent session accumulation. * * @param sessionId - Unique session identifier to delete */ deleteRegistrationSession(sessionId: string): Promise; } //# sourceMappingURL=ltiTool.d.ts.map