feat: LTI 1.3 Passport Refactor + Database Cleanup Support

[navinkarkera]

Description

Split LTI 1.3 Configuration into Passport Model

• Introduce Lti1p3Passport model to centralize LTI 1.3 keys and credentials
• Move lti_1p3_internal_private_key, lti_1p3_internal_private_key_id, lti_1p3_internal_public_jwk, lti_1p3_client_id, lti_1p3_tool_public_key, and lti_1p3_tool_keyset_url fields from LtiConfiguration to Lti1p3Passport
• Add ForeignKey relationship from LtiConfiguration to Lti1p3Passport
• Implement passport-based key generation and retrieval
• Add clean() validation to Lti1p3Passport to ensure at least one of lti_1p3_tool_public_key or lti_1p3_tool_keyset_url is set
• Update validation in LtiConfiguration.clean() to check for passport presence instead of tool key fields
• Refactor get_or_create_local_lti_config() to handle passport creation and sync block/passport key configurations
• Update API endpoints to work with passport ID instead of configuration ID
• Add admin interface for Lti1p3Passport model
• Refactor access_token_endpoint and public_keyset_endpoint to use passport ID
• Update API and views to work with the new passport model
• Generate migration to remove fields from LtiConfiguration table
• Update data migration to copy existing configurations to the new Passport model
• Update XBlock to store passport ID instead of config ID
• Fix copy-paste issue in resource_link_id generation

Support Database Cleanup for Deleted Blocks

• New signal handlers to:
  • Automatically delete orphaned configurations during pre_item_delete (block/children).
  • Purge unused passport objects from the LTI 1.3 Passport model.

Related

• Depends on feat: add pre-delete signal openedx-platform#38289
• Related to: https://github.com/openedx/xblock-lti-consumer/issues/594\
• Previous iteration: feat: decouple xblock and lti config to fix copy-paste #606

Test instructions

• Use sandbox to test.
• Create a working 1.3 LTI xblock.
• Copy and paste the xblock.
• Make sure both xblocks are working.
• Go to <studio_url>/admin/lti_consumer/ and check configuration and passport entries.
• Both configuration should use a single passport.
• Now go and modify lti_1p3_tool_keyset_url in one of the xblocks and save. This should create a new passport entry instead of modifying the original one to avoid changing other block.
• Finally test all LTI 1.3 features to make sure that we have not broken existing features.

[openedx-webhooks]

Thanks for the pull request, @navinkarkera!

This repository is currently maintained by @Faraz32123.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

• If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
  • This process (including the steps you'll need to take) is documented here.
• If it doesn't, simply proceed with the next step.

🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

• Dependencies

  This PR must be merged before / after / at the same time as ...

• Blockers

  This PR is waiting for OEP-1234 to be accepted.

• Timeline information

  This PR must be merged by XX date because ...

• Partner information

  This is for a course on edx.org.

• Supporting documentation
• Relevant Open edX discussion forum threads

🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details

---

Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

• Overview of Review Process for Community Contributions
• Pull Request Status Guide
• Making changes to your pull request

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

• The size and impact of the changes that it introduces
• The need for product review
• Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

[navinkarkera]

@ayub02 Please use the sandbox to test.

[codecov]

Codecov Report

❌ Patch coverage is 98.46323% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 97.64%. Comparing base (4fb7bba) to head (45f83c0).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...ssport_context_key_lti1p3passport_name_and_more.py	76.92%	6 Missing ⚠️
lti_consumer/models.py	96.80%	3 Missing ⚠️
lti_consumer/lti_xblock.py	83.33%	2 Missing ⚠️
lti_consumer/signals/signals.py	97.01%	2 Missing ⚠️
...onsumer/migrations/0021_create_lti_1p3_passport.py	96.87%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #627      +/-   ##
==========================================
+ Coverage   97.59%   97.64%   +0.04%     
==========================================
  Files          79       84       +5     
  Lines        6871     7594     +723     
==========================================
+ Hits         6706     7415     +709     
- Misses        165      179      +14     

Flag	Coverage Δ
unittests	97.64% <98.46%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[feanil]

@navinkarkera I like the approach of adding a new model for storing lti credentials independent of the blocks, this would obviate the need for external storage and make it easier to re-use storage. I've got a few questions specific to the implementation but I think this is the idea that we should try to land.

@ayub02 a question for you: Should import/export work for LTI blocks from one open edx instance to another? This has not worked before but this change will not really fix that either.

[feanil]

This is a get or create in practice right? So let's update the name.

[feanil]

What's the reason for this?

[navinkarkera]

Just to allow us to include some fields instead of excluding lot of fields incase we only need few of them.

[feanil]

Does it make sense to add a passport_name field now and let the users set it so that when we make this re-usable they will already have human readable names and we can show them to the user? Also currently these settings have no scope. Since we're newly introducing it, does it make sense to make it scoped to a context key of some sort to begin with?

[navinkarkera]

Does it make sense to add a passport_name field now

Yes, good idea!

Since we're newly introducing it, does it make sense to make it scoped to a context key of some sort to begin with?

Makes sense. Should we worry about them being used out of context for now? Like if you copy and paste in different courses, they will be using the same passport.

[navinkarkera]

About passport_name:

• Should we make this field unique in combination with the context_key?
• We'll still need passport_id as it needs to be unique across the table.

[feanil]

I think let's not worry about the name uniqueness for now, think of it more as a display name. In the future, we may want to have some passports shared across an org or across a whole site, and so that course or library context wouldn't make sense then. I think when we display the key to the user, it could get confusing but only if the authors are creating multiple credentials with the same name. As a future option we will need to add a way to edit all the existing configs but something like that is already in the conversation for Willow so we can worry about it then.

[navinkarkera]

Got it.

How would the Author specify the name and context_key? Should we add them to the xblock settings editor?

For existing blocks, we could use xblock name as default value for passport name, something like: f"Passport for: {xblock_name}" and add course key as context_key.

[feanil]

Should we also be dropping these fields from the xblock at the same time? We're not really using them for storage as much as to make it easier to use the old studio block rendering helper. Since we're redoing the frontend, do we need those fields to exist on the block? @rpenido perhaps you're the right person to answer that question?

[navinkarkera]

• We are moving them (including existing data) to passport model.
• AFAIK, the frontend doesn't really depend on the database models.

[feanil]

ok, so maybe it's a follow up PR to drop the keys from the block, in-case there are issues and we need to rollback the migration or re-run it we can leave them in for now. Can you make a ticket in this repo to follow up on the removal once the code has been live for a release?

[navinkarkera]

They are not present in the xblock. They were only present in the LtiConfiguration table.

[feanil]

When you call this function as a post-save function for LtiConfiguration for it also calls lti_configuration.save() conditionally. So you have a situation where we get a double save and a double call to the get_or_create function at the creation of each new LtiConfiguration instance. Take a look at the suggestion in the get_or_create function to see how we could avoid the double save firing.

[navinkarkera]

Nice catch!

[feanil]

Suggested change

	self.save()
	LtiConfiguration.objects.filter(pk=self.pk).update(lti_1p3_passport=passport)

The self.lti_1p3_passport = passport keeps the in-memory instance in sync. The update() writes the FK directly to the DB without going through save(), so the signal doesn't re-fire. The sync_configurations() bypass is fine here since we're only updating this FK field. But we should add a comment explaining this here.

[navinkarkera]

Same here!

[feanil]

If the try/catch above could throw an exception in which case block might not be set. In that case we'll get further exceptions. Do we need a continue in the Exception clause so that we don't error out here?

[navinkarkera]

@feanil Nice catch! I was fighting with sandbox deployment, most probably this is the issue.

[feanil]

This save() fires on every call to get_or_create_local_lti_config, which includes every LTI 1.3 author view render in Studio (via get_lti_1p3_launch_data → config_id_for_block) and every LTI launch. That means an author simply opening a block to check the client ID triggers a DB write even when nothing has changed.

The fix is to only save when something actually changed:

  dirty = (                                               
      lti_config.config_store != config_store or                                                                                
      lti_config.external_id != block.external_config or
      lti_config.version != lti_version or                                                                                      
      lti_config.lti_1p3_passport != passport                                                                                   
  )                                                                                                                             
  if dirty:                                                                                                                     
      lti_config.save()                                                                                                         

The longer-term fix would be to move the reconciliation logic into an override of submit_studio_edits so it only fires when an author actually saves changes in Studio. That doesn't cover all cases though (imports, duplicates) so a dirty-check fallback would still be needed. Worth a follow-up ticket.

[navinkarkera]

Yes, even I am not happy about the DB changes on each render.

For now I have refactored the whole function with some help from AI. I still need to test it a bit more.

[feanil]

I don't see a pre_item_delete signal in the modulestore SignalHandler. Is this defined elsewhere?

[navinkarkera]

It is part of this PR: openedx/openedx-platform#38192, I have added this in the description as a dependency.

[feanil]

nit: Does this need to be a public function? Seems like it's only called from a different private function and should remain an internal function (prefix with an underscore?)

[navinkarkera]

Yes, at some point I used it outside but not needed anymore.

[feanil]

@navinkarkera let me know when you want me to take another Pass at reviewing this.

[navinkarkera]

@feanil Yes, it is ready for another round.

[feanil]

PR generally looks good, I'm going to do some more testing of it next week before final approval in-case I find any issues but no major new issues from my review.

What's the status of the openedx-platform PR? Are we ready to review/land that?

[feanil]

Nit: The pk=None will make this into a new object but it's a bit of a trick. Add a comment to say we're using it to duplicate this object without having to enumerate all the fields here and making this function more brittle.

There's also a risk that if we introduce a new generated key in the future like config_id that this function would not update that correctly. This is hypothetical so no need to code to defensively around it unless you can think of an easy way to do so. Nothing obvious comes to mind for me.

[navinkarkera]

I refactored it to use model_to_dict and also handle possible errors. c2c7ec7

[navinkarkera]

What's the status of the openedx-platform PR? Are we ready to review/land that?

@feanil Yes.

[navinkarkera]

@feanil Thanks for the in depth review! I made a small change after your review here: 8e5b926
We don't need to modify xblock fields now that we add passport_id directly to the xml.

[feanil]

@navinkarkera I'm not actually sure that we should remove the save logic completely. Right now, the id does not get saved at all on the original block which seems like it wolud lead to future confusion. I think it's worth making sure that when we instantiate the LtiPassport, that it's passport_id makes it back to the block. The add_xml_to_node fix generally bypasses this now but if someone makes changes there assuming the id is also on the block, it could lead to errors in the future.

What do you think? I think this is okay to land as is also if you disagree but given how hard it is to reason through this code right now, my inclination is to make it more robust and unsurprising where possible.

[navinkarkera]

@feanil I wanted to avoid calling save_xblock at that point as it is also called in LMS but I agree that it could be confusing in future. I'll revert the changes.

[feanil]

Right, it makes sense to not have that call in the LMS and I guess it's really hard right now to differentiate the call from the LMS vs an instantiation of the block in studio? The critical thing is to save the id to the block when we create the new instance of the block in studio. This happens on copy paste but not on other instantiations.

[feanil]

Merged and is being released now: https://github.com/openedx/xblock-lti-consumer/releases/tag/v11.0.0