Public bug reported:
When you set up an external app, e.g. LTI or LTI Advantage, you can
delete it from Admin menu -> Web services -> External apps even when
some people are still associated with it as authentication method,
essentially rendering their accounts unusable. Normally, when an
authentication method is still in use, you cannot remove it for an
institution.
There are a few things that would require clean-up and improvement:
1. Since not all external apps need to be tied to authentication, it
would be best to add a new option into the configuration screen of an
external app called 'Use for authentication' and add a Yes/No switch so
that if an account holder is using it as auth method (primary or
secondary), this information can be checked and it can be determined
whether to delete that external app or not.
2. If a person still uses that authentication method then the external
app should not display a 'Delete' button for that external app so that
it can't be deleted accidentally.
3. Actually tie an external app to a particular 'webservice'
authentication. Right now, when you select 'webservice' as
authentication method in an institution, you can't configure it, and it
checks whether web services are available in the institution and then
allow those in. It does not check though if, for example, it should be
LTI or LTI Advantage with which an account is set up.
Therefore, what should happen is the following:
a) Site admin sets up an LTI external app for institution A and calls it 'LMS'
and sets up a second one for LTI advantage called 'University'.
b) Site admin selects 'webservices' (rename to 'External app) as auth method in
the institution settings for institution A and sees a drop-down menu with all
available external apps, in this case 'LMS' and 'University' and selects one of
them. The display in the settings page reads 'External app: LMS' (or 'External
app: University').
c) When a student logs in via the LMS external app, their account is associated
with that external authentication method.
d) On the 'External apps' page, 'LMS' doesn't have a 'Delete' icon because an
account is associated with it and uses that app to log in.
We will need to think about how to deal with that in an upgrade because
at the moment, an institution could have two LTI external apps
configured and in the auth instance table there would be only one
'webservices' option, not differentiating between the different apps.
** Affects: mahara
Importance: High
Status: Confirmed
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1947528
Title:
You can delete external apps even when some people are using it as
auth method
Status in Mahara:
Confirmed
Bug description:
When you set up an external app, e.g. LTI or LTI Advantage, you can
delete it from Admin menu -> Web services -> External apps even when
some people are still associated with it as authentication method,
essentially rendering their accounts unusable. Normally, when an
authentication method is still in use, you cannot remove it for an
institution.
There are a few things that would require clean-up and improvement:
1. Since not all external apps need to be tied to authentication, it
would be best to add a new option into the configuration screen of an
external app called 'Use for authentication' and add a Yes/No switch
so that if an account holder is using it as auth method (primary or
secondary), this information can be checked and it can be determined
whether to delete that external app or not.
2. If a person still uses that authentication method then the external
app should not display a 'Delete' button for that external app so that
it can't be deleted accidentally.
3. Actually tie an external app to a particular 'webservice'
authentication. Right now, when you select 'webservice' as
authentication method in an institution, you can't configure it, and
it checks whether web services are available in the institution and
then allow those in. It does not check though if, for example, it
should be LTI or LTI Advantage with which an account is set up.
Therefore, what should happen is the following:
a) Site admin sets up an LTI external app for institution A and calls it
'LMS' and sets up a second one for LTI advantage called 'University'.
b) Site admin selects 'webservices' (rename to 'External app) as auth method
in the institution settings for institution A and sees a drop-down menu with
all available external apps, in this case 'LMS' and 'University' and selects
one of them. The display in the settings page reads 'External app: LMS' (or
'External app: University').
c) When a student logs in via the LMS external app, their account is
associated with that external authentication method.
d) On the 'External apps' page, 'LMS' doesn't have a 'Delete' icon because an
account is associated with it and uses that app to log in.
We will need to think about how to deal with that in an upgrade
because at the moment, an institution could have two LTI external apps
configured and in the auth instance table there would be only one
'webservices' option, not differentiating between the different apps.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1947528/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
