lti13: Core functionality for LTI 1.3.

[ lgpl, library, web ] [ Propose Tags ]

A library implementing the core LTI 1.3 authentication protocol, suitable for use in implementing libraries for any web framework. An example use is

[Skip to Readme]
Versions [RSS] [faq],,,,,,,
Change log
Dependencies aeson (>=1.4.7 && <1.5), base (>=4.12.0 && <5), bytestring (>=0.10.10 && <0.11), containers (>=0.6.2 && <0.7), http-client (>=0.6.4 && <0.7), http-types (>=0.12.3 && <0.13), jose-jwt (>=0.8.0 && <0.9), oidc-client (>=0.5.1 && <0.6), safe-exceptions (>=0.1.7 && <0.2), text (>=1.2.4 && <1.3) [details]
License LGPL-3.0-only
Author Jade
Maintainer Jade <software at lfcode dot ca>
Category Web
Bug tracker
Source repo head: git clone
Uploaded by jade at 2021-01-10T11:21:28Z
Distributions NixOS:
Downloads 684 total (17 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Hackage Matrix CI
Docs not available [build log]
All reported builds failed as of 2021-01-10 [all 2 reports]


  • Web
    • Web.LTI13


Maintainer's Corner

For package maintainers and hackage trustees


Readme for lti13-

[back to package description]


This is a minimal implementation of LTI 1.3 authentication for Haskell. It supports performing LTI launches and getting most of the interesting fields of the resource link request.

This library is intended to be used in developing integrations with web frameworks, although it can be used directly. A sample integration is yesod-auth-lti13.

Correct usage

Client code is expected to maintain a CSRF token, the state parameter, in session storage and check it is the same as the one from handleAuthResponse, failing authentication if it is not. Future versions of the library may introduce a mandatory callback to ensure clients do this. For an example of this, see the yesod-auth-lti13 sources.