Implement IMS LTI 1.3 (LTI Advantage) Integration

[imrryr]

Summary:
We need to add support for the IMS Global Learning Tools Interoperability (LTI) 1.3 standard to MoFaCTS. This will allow MoFaCTS to be securely launched and integrated as an external tool in modern Learning Management Systems (LMSs) such as Canvas, Blackboard, Moodle, and others.

---

Background:
LTI 1.3 is the latest version of the IMS LTI standard, introducing a modern security model (OAuth 2.0, OpenID Connect, JWT) and improved interoperability. LTI 1.3 is the foundation for LTI Advantage, which also includes services for grade return, roster access, and deep linking.

Reference:
LTI 1.3 Core Specification

---

Requirements:

• LTI 1.3 Core Launch
  • Implement the LTI 1.3 launch flow, allowing MoFaCTS to be launched from an LMS (Moodle) as an LTI tool.
  • Support OpenID Connect authentication and JWT validation.
  • Parse and handle the required claims in the launch JWT (e.g., iss, aud, sub, nonce, deployment ID, resource link, context, roles).
  • Support HTTPS for all LTI endpoints.
• LTI Advantage Services (Phase 2, optional but preferred):
  • Assignment and Grade Services: Allow LMS to send grades back to MoFaCTS.
  • Names and Roles Provisioning Services: Allow MoFaCTS to access course roster and user roles.
  • Deep Linking: Allow instructors to select and configure MoFaCTS activities from within the LMS.
• Admin Configuration UI:
  • Provide a way for admins to register MoFaCTS as an LTI tool in an LMS (client ID, public keys, endpoints, etc.).
  • Allow configuration of deployment IDs and tool settings.
• Security:
  • Use OAuth 2.0 and OpenID Connect for authentication and authorization.
  • Validate and store deployment information securely.
  • Ensure all endpoints are protected and only accessible via valid LTI launches.

---

Acceptance Criteria:

• MoFaCTS can be registered and launched as an LTI 1.3 tool in at least one major LMS (e.g., Canvas, Moodle, Blackboard).
• Launches validate JWTs and securely establish user sessions with correct roles and context.
• (If LTI Advantage implemented) MoFaCTS can send grades back to the LMS and access course roster.
• All endpoints are HTTPS and follow IMS security best practices.

---

Resources:

• IMS LTI 1.3 Core Specification
• LTI 1.3 Implementation Guide
• LTI 1.3 Migration Guide
• LTI Advantage Overview

---

Notes:

• MoFaCTS is built with Meteor.js; consider using existing NPM packages for JWT, OAuth 2.0, and OpenID Connect.
• This is a breaking change from LTI 1.1; ensure backward compatibility or provide migration documentation if needed.
• If possible, provide automated tests for LTI launch and service endpoints.