ims-lti 2.1.2 → 2.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2bdd06e5c60fc13eb134e231cf0e0ee7738eb9a8
-  data.tar.gz: 56c1d472a02e4d5359b9e03977a0d9f604a3a09f
+SHA256:
+  metadata.gz: 2471bb32ba4e415a4134bca8b7fd89e395e6d2fcea9cf694ae3a094599bed683
+  data.tar.gz: 9978a2ca0c9f89cd4fdd03217cb0f13bde37098f45c319e2d813c3fad6102b31
 SHA512:
-  metadata.gz: 264a0293b2ccad3c5047d081ba08d6f2967a3e26c621855a1add4cafd113f3627d95cb75d95b491cc47293a35ded64ef9d82aa6ac61e393dde2e69189398fb91
-  data.tar.gz: 47cfe33a68b1a8ee738ab6d80bc8e8e8d4b75d8fc47c25da6e42fef69b9ca55f04a5b343b82687d161434943670f6149f75da13ec6fb5be30c2485f965bc6819
+  metadata.gz: b96119ce642dde977d998fb405576b21ca755311b841b49d9a985f556bf0fdfbbab60798027060f641463edd1329505a4a53ad916f75a9ce344d9c4723d1ab20
+  data.tar.gz: 5e4fd658b0658adcdbcca33feacf429f04e8a0f354eb6db1d031cfa4b0655f9a8478131919f215d833d872478462677bfcd04ed6ee298a00ed85bcb921f3313c

data/README.md

@@ -37,7 +37,7 @@ return false unless authenticator.valid_signature?
 # check if `params['oauth_nonce']` has already been used
 
 #check if the message is too old
-return false if DateTime.strptime(request.request_parameters['oauth_timestamp'],'%s') > 5.minutes.ago
+return false if DateTime.strptime(request.request_parameters['oauth_timestamp'],'%s') < 5.minutes.ago
 
 ```
 

data/lib/ims/lti/errors/authentication_failed_error.rb

@@ -0,0 +1,11 @@
+module IMS::LTI::Errors
+  class AuthenticationFailedError < StandardError
+
+    attr_reader :response
+
+    def initialize(response: nil)
+      @response = response
+    end
+
+  end
+end

data/lib/ims/lti/errors.rb

@@ -3,5 +3,6 @@ module IMS::LTI
     require_relative 'errors/invalid_lti_config_error'
     require_relative 'errors/tool_proxy_registration_error'
     require_relative 'errors/invalid_tool_consumer_profile'
+    require_relative 'errors/authentication_failed_error'
   end
 end

data/lib/ims/lti/models/lti_model.rb

@@ -1,3 +1,5 @@
+require 'uri'
+
 module IMS::LTI::Models
   class LTIModel
     LTI_VERSION_2P0 = 'LTI-2p0'.freeze
@@ -90,8 +92,13 @@ module IMS::LTI::Models
     end
 
     def from_json(json)
-      # JSON.parse(json.to_json) is a quick and dirty way to clone the json object passed in
-      data = json.is_a?(String) ? JSON.parse(json) : JSON.parse(json.to_json)
+      json = json.to_json unless json.is_a?(String)
+      begin
+        data = JSON.parse(json)
+      rescue
+        data = JSON.parse(URI::DEFAULT_PARSER.unescape(json))
+      end
+
       if data.is_a? Array
         data.map { |hash| self.class.from_json(hash.to_json) }
       else

data/lib/ims/lti/models/membership_service/lis_person.rb

@@ -1,6 +1,6 @@
 module IMS::LTI::Models::MembershipService
   class LISPerson < Person
-    attr_reader :email, :result_sourced_id, :sourced_id, :user_id
+    attr_reader :email, :result_sourced_id, :sourced_id, :user_id, :sis_id
 
     def initialize(opts={})
       super(opts)
@@ -8,6 +8,7 @@ module IMS::LTI::Models::MembershipService
       @result_sourced_id = opts[:result_sourced_id]
       @sourced_id = opts[:sourced_id]
       @user_id = opts[:user_id]
+      @sis_id = opts[:sis_id]
     end
   end
 end

data/lib/ims/lti/models/messages/basic_lti_launch_request.rb

@@ -3,7 +3,8 @@ module IMS::LTI::Models::Messages
 
     add_required_params :resource_link_id
     add_recommended_params :context_id, :launch_presentation_return_url, :tool_consumer_instance_guid
-    add_optional_params :context_type, :role_scope_mentor, :user_image
+    add_optional_params :context_type, :role_scope_mentor, :user_image,
+                      :lis_outcome_service_url, :lis_person_sourced_id, :lis_result_sourcedid
     add_deprecated_params :context_title, :context_label, :resource_link_title, :resource_link_description,
                       :lis_person_name_given, :lis_person_name_family, :lis_person_name_full,
                       :lis_person_contact_email_primary, :user_image, :lis_person_sourcedid,

data/lib/ims/lti/models/messages/message.rb

@@ -40,13 +40,26 @@ module IMS::LTI::Models::Messages
       def inherited(klass)
         @descendants ||= Set.new
         @descendants << klass
-        superclass.inherited(klass) unless(self == Message)
+        superclass.inherited(klass) unless (self == Message)
       end
 
       def descendants
         @descendants || Set.new
       end
 
+      # For signature generation -- see usage in signed_post_params
+      def convert_param_values_to_crlf_endings(hash)
+        hash.transform_values do |val|
+          if val.is_a?(String)
+            # Convert to all newlines first, for consistency, just in case there
+            # is some weird mix of newlines & carriage returns in input
+            val.encode(universal_newline: true).encode(crlf_newline: true)
+          else
+            val
+          end
+        end
+      end
+
       private
 
       def add_params(instance_variable, param, *params)
@@ -81,20 +94,34 @@ module IMS::LTI::Models::Messages
     OAUTH_KEYS = :oauth_callback, :oauth_consumer_key, :oauth_nonce, :oauth_signature, :oauth_signature_method,
       :oauth_timestamp, :oauth_token, :oauth_verifier, :oauth_version
 
-    attr_accessor :launch_url, *OAUTH_KEYS
+    attr_accessor :launch_url, :jwt, *OAUTH_KEYS
     attr_reader :unknown_params, :custom_params, :ext_params
 
     add_required_params :lti_message_type, :lti_version
 
-    def self.generate(params)
-      klass = self.descendants.select{|d| d::MESSAGE_TYPE == params['lti_message_type']}.first
-      klass ? klass.new(params) : Message.new(params)
+    def self.generate(launch_params)
+      params = launch_params.key?('jwt') ? parse_jwt(jwt: launch_params['jwt']) : launch_params
+      klass = self.descendants.select {|d| d::MESSAGE_TYPE == params['lti_message_type']}.first
+      message = klass ? klass.new(params) : Message.new(params)
+      message.jwt = launch_params['jwt'] if launch_params.key?('jwt')
+      message
     end
 
-    def initialize(attrs = {})
+    def self.parse_jwt(jwt:)
+      decoded_jwt = JSON::JWT.decode(jwt, :skip_verification)
+      params = decoded_jwt['org.imsglobal.lti.message'] || {}
+      custom = params.delete(:custom)
+      custom.each {|k,v| params["custom_#{k}"] = v }
+      params['consumer_key'] = decoded_jwt[:sub]
+      ext = params.delete(:ext)
+      ext.each {|k,v| params["ext_#{k}"] = v }
+      params
+    end
+
+    def initialize(attrs = {}, custom_params = {}, ext_params = {})
 
-      @custom_params = {}
-      @ext_params = {}
+      @custom_params = custom_params
+      @ext_params = ext_params
       @unknown_params = {}
 
       attrs.each do |k, v|
@@ -114,20 +141,32 @@ module IMS::LTI::Models::Messages
     end
 
     def add_custom_params(params)
-      params.each { |k, v| k.to_s.start_with?('custom_') ? @custom_params[k.to_s] = v : @custom_params["custom_#{k.to_s}"] = v }
+      params.each {|k, v| k.to_s.start_with?('custom_') ? @custom_params[k.to_s] = v : @custom_params["custom_#{k.to_s}"] = v}
     end
 
     def get_custom_params
-      @custom_params.inject({}) { |hash, (k, v)| hash[k.gsub(/\Acustom_/, '')] = v; hash }
+      @custom_params.inject({}) {|hash, (k, v)| hash[k.gsub(/\Acustom_/, '')] = v; hash}
+    end
+
+    def get_ext_params
+      @ext_params.inject({}) {|hash, (k, v)| hash[k.gsub(/\Aext_/, '')] = v; hash}
     end
 
     def post_params
       unknown_params.merge(@custom_params).merge(@ext_params).merge(parameters)
     end
 
+    def jwt_params(private_key:, originating_domain:, algorithm: :HS256)
+      { 'jwt' => to_jwt(private_key: private_key, originating_domain: originating_domain, algorithm: algorithm) }
+    end
+
     def signed_post_params(secret)
-      message_params = { oauth_consumer_key: oauth_consumer_key}.merge(post_params)
-      @message_authenticator = IMS::LTI::Services::MessageAuthenticator.new(launch_url, message_params, secret )
+      # The params will be used in an HTML form, and browsers will always use
+      # newlines+carriage return line endings for submitted form data. The
+      # signature needs to match, and signature generation does not add carriage
+      # returns, so we ensure CRLF endings here.
+      message_params = self.class.convert_param_values_to_crlf_endings(oauth_params.merge(post_params))
+      @message_authenticator = IMS::LTI::Services::MessageAuthenticator.new(launch_url, message_params, secret)
       @message_authenticator.signed_params
     end
 
@@ -165,6 +204,27 @@ module IMS::LTI::Models::Messages
       end
     end
 
+    def to_jwt(private_key:, originating_domain:, algorithm: :HS256)
+      now = Time.now
+      exp = now + 60 * 5
+      ims = unknown_params.merge(parameters)
+      ims[:custom] = get_custom_params
+      ims[:ext] = get_ext_params
+      claim = {
+        iss: originating_domain,
+        sub: consumer_key,
+        aud: launch_url,
+        iat: now,
+        exp: exp,
+        jti: SecureRandom.uuid,
+        "org.imsglobal.lti.message" => ims
+      }
+      jwt = JSON::JWT.new(claim).sign(private_key, algorithm)
+      jwt.to_s
+    end
+
+    alias_attribute :consumer_key, :oauth_consumer_key
+
     private
 
     def collect_attributes(attributes)
@@ -176,4 +236,4 @@ module IMS::LTI::Models::Messages
     end
 
   end
-end
+end

data/lib/ims/lti/models/messages/registration_request.rb

@@ -1,7 +1,8 @@
 module IMS::LTI::Models::Messages
   class RegistrationRequest < RequestMessage
 
-    add_required_params :reg_key, :reg_password, :tc_profile_url, :launch_presentation_return_url
+    add_required_params :reg_key, :reg_password, :tc_profile_url, :launch_presentation_return_url, :tool_proxy_guid,
+                        :tool_proxy_url
 
 
     MESSAGE_TYPE = 'ToolProxyRegistrationRequest'
@@ -16,4 +17,4 @@ module IMS::LTI::Models::Messages
     end
 
   end
-end
+end

data/lib/ims/lti/models/messages/{tool_proxy_reregistration_request.rb → tool_proxy_update_request.rb}

@@ -1,10 +1,10 @@
 module IMS::LTI::Models::Messages
-  class ToolProxyReregistrationRequest < RequestMessage
+  class ToolProxyUpdateRequest < RequestMessage
 
     add_required_params :tc_profile_url, :launch_presentation_return_url
 
 
-    MESSAGE_TYPE = 'ToolProxyReregistrationRequest'
+    MESSAGE_TYPE = 'ToolProxyUpdateRequest'
 
     def initialize(attrs = {})
       super(attrs)

data/lib/ims/lti/models/messages.rb

@@ -6,6 +6,6 @@ module IMS::LTI::Models
     require_relative 'messages/basic_lti_launch_request'
     require_relative 'messages/content_item_selection_request'
     require_relative 'messages/content_item_selection'
-    require_relative 'messages/tool_proxy_reregistration_request'
+    require_relative 'messages/tool_proxy_update_request'
   end
 end

data/lib/ims/lti/models/tool_consumer_profile.rb

@@ -11,6 +11,7 @@ module IMS::LTI::Models
     add_attribute :id, json_key:'@id'
     add_attribute :type, json_key:'@type'
     add_attribute :context, json_key:'@context'
+    add_attribute :security_profile, relation: 'IMS::LTI::Models::SecurityProfile'
     add_attribute :product_instance, relation:'IMS::LTI::Models::ProductInstance'
     add_attribute :service_offered, relation: 'IMS::LTI::Models::RestService'
 
@@ -33,7 +34,12 @@ module IMS::LTI::Models
     end
 
     def reregistration_capable?
-      @capability_offered.include?(Messages::ToolProxyReregistrationRequest::MESSAGE_TYPE)
+      @capability_offered.include?(Messages::ToolProxyUpdateRequest::MESSAGE_TYPE)
     end
+
+    def security_profile_by_name(security_profile_name:)
+      security_profiles.find { |sp| sp.security_profile_name == security_profile_name}
+    end
+
   end
 end

data/lib/ims/lti/serializers/membership_service/lis_person_serializer.rb

@@ -7,5 +7,6 @@ module IMS::LTI::Serializers::MembershipService
     set_attribute :result_sourced_id, key: :resultSourcedId
     set_attribute :sourced_id, key: :sourcedId
     set_attribute :user_id, key: :userId
+    set_attribute :sis_id, key: :sisId, optional: true
   end
 end

data/lib/ims/lti/services/authentication_service.rb

@@ -0,0 +1,67 @@
+module IMS::LTI::Services
+  class AuthenticationService
+
+    attr_accessor :connection, :iss, :aud, :sub, :secret, :grant_type,
+                  :additional_claims, :additional_params
+    attr_writer :secret
+
+    def initialize(iss:, aud:, sub:, secret:)
+      @iss = iss
+      @aud = aud
+      @sub = sub
+      @secret = secret
+      @additional_claims = {}
+      @additional_params = {}
+      @grant_type = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
+    end
+
+    def connection
+      @connection ||= Faraday.new
+    end
+
+    def access_token
+      access_token_request['access_token']
+    end
+
+    def expiration
+      expires_in = access_token_request['expires_in'].to_i
+      @_response_time + expires_in
+    end
+
+    def expired?
+      expiration < Time.now
+    end
+
+    def invalidate!
+      @_access_token_request = nil
+      @_response_time = nil
+    end
+
+    private
+
+    def access_token_request
+      @_access_token_request ||= begin
+        assertion = JSON::JWT.new(
+          iss: iss,
+          sub: sub,
+          aud: aud.to_s,
+          iat: Time.now.to_i,
+          exp: 1.minute.from_now,
+          jti: SecureRandom.uuid
+        )
+        assertion.merge!(@additional_claims)
+        assertion = assertion.sign(@secret, :HS256).to_s
+        body = {
+          grant_type: grant_type,
+          assertion: assertion
+        }
+        body.merge!(@additional_params)
+        response = connection.post(aud, body)
+        raise IMS::LTI::Errors::AuthenticationFailedError.new(response: response) unless response.success?
+        @_response_time = Time.now
+        response.body
+      end
+    end
+
+  end
+end

data/lib/ims/lti/services/message_authenticator.rb

@@ -14,7 +14,7 @@ module IMS::LTI::Services
 
 
     def valid_signature?
-      simple_oauth_header.valid?(signature: signature)
+       message.jwt ? valid_jwt? : simple_oauth_header.valid?(signature: signature)
     end
 
     def message
@@ -33,8 +33,7 @@ module IMS::LTI::Services
           @options.merge(
             {
               consumer_key: consumer_key,
-              consumer_secret: @secret,
-              callback: 'about:blank'
+              consumer_secret: @secret
             }
           )
         )
@@ -47,11 +46,24 @@ module IMS::LTI::Services
     end
 
     def signed_params
-      simple_oauth_header.signed_attributes.merge(params)
+      simple_oauth_header.signed_attributes.merge(@parsed_params)
     end
 
 
     private
+
+    def valid_jwt?
+      begin
+        jwt = JSON::JWT.decode(message.jwt, @secret)
+        aud1 = Addressable::URI.parse(jwt['aud'])
+        aud2 = Addressable::URI.parse(launch_url)
+        [aud1, aud2].each{ |aud| aud.fragment = '' }
+        aud1.normalize == aud2.normalize
+      rescue JSON::JWS::VerificationFailed
+        false
+      end
+    end
+
     def parse_params(params)
       params.inject([{}, {}]) do |array, (k, v)|
         attr = k.to_s.sub('oauth_', '').to_sym
@@ -65,4 +77,4 @@ module IMS::LTI::Services
     end
 
   end
-end
+end

data/lib/ims/lti/services/oauth2_client.rb

@@ -0,0 +1,18 @@
+module IMS::LTI::Services
+
+  class OAuth2Client
+    attr_accessor :token, :base_url
+    attr_writer :connection
+
+    def initialize(token:, base_url: nil)
+      @base_url = base_url
+      @token = token
+    end
+
+    def connection
+      @connection ||= Faraday.new base_url do |conn|
+        conn.authorization :Bearer, token
+      end
+    end
+  end
+end

data/lib/ims/lti/services/tool_consumer_profile_service.rb

@@ -0,0 +1,16 @@
+module IMS::LTI::Services
+  class ToolConsumerProfileService
+
+    attr_accessor :tcp
+
+    def initialize(tool_consumer_profile)
+      @tcp = tool_consumer_profile
+    end
+
+    def supports_capabilities?(capability, *capabilities)
+      capabilities.unshift(capability)
+      (capabilities - tcp.capabilities_offered).empty?
+    end
+
+  end
+end

data/lib/ims/lti/services/tool_proxy_registration_service.rb

@@ -76,7 +76,7 @@ module IMS::LTI::Services
     end
 
     def reregistration?
-      @registration_request.is_a?(IMS::LTI::Models::Messages::ToolProxyReregistrationRequest)
+      @registration_request.is_a?(IMS::LTI::Models::Messages::ToolProxyUpdateRequest)
     end
 
 

data/lib/ims/lti/services/tool_proxy_validator.rb

@@ -85,25 +85,42 @@ module IMS::LTI::Services
       ret_val
     end
 
+    def invalid_security_profiles
+      security_profiles = tool_proxy.tool_profile.security_profiles
+      array = security_profiles.each_with_object([]) do |sp, array|
+        tcp_sp = tool_consumer_profile.security_profile_by_name(security_profile_name: sp.security_profile_name)
+        if tcp_sp
+          supported_algorithms = sp.digest_algorithms & tcp_sp.digest_algorithms
+          unsupported_algorithms = sp.digest_algorithms - supported_algorithms
+          unless unsupported_algorithms.empty?
+            array << { name: sp.security_profile_name, algorithms: unsupported_algorithms }
+          end
+        else
+          array << { name: sp.security_profile_name }
+        end
+      end
+      array
+    end
+
     def errors
       ret_val = {}
       ret_val[:invalid_security_contract] = invalid_security_contract unless invalid_security_contract.empty?
       ret_val[:invalid_capabilities] = invalid_capabilities unless invalid_capabilities.empty?
       ret_val[:invalid_message_handlers] = invalid_message_handlers unless invalid_message_handlers.empty?
       ret_val[:invalid_services] = invalid_services unless invalid_services.empty?
-
+      ret_val[:invalid_security_profiles] = invalid_security_profiles unless invalid_security_profiles.empty?
       ret_val
     end
 
     def valid?
-      invalid_capabilities.empty? && invalid_security_contract.empty? && invalid_services.empty? && invalid_message_handlers.empty?
+      errors.keys.empty?
     end
 
     private
 
     def normalize_strings(string, *strings)
       strings.push(string)
-      normalized = strings.map { |s| s.upcase.strip }
+      normalized = strings.map {|s| s.upcase.strip}
       normalized
     end
 
@@ -112,7 +129,7 @@ module IMS::LTI::Services
         invalid_capabilities = mh.enabled_capabilities - capabilities_offered
         invalid_parameters = validate_parameters(mh.parameters)
         if !invalid_parameters.empty? || !invalid_capabilities.empty?
-          hash = {message_type: mh.message_type, }
+          hash = { message_type: mh.message_type, }
           hash[:invalid_capabilities] = invalid_capabilities unless invalid_capabilities.empty?
           hash[:invalid_parameters] = invalid_parameters unless invalid_parameters.empty?
           array << hash
@@ -124,7 +141,7 @@ module IMS::LTI::Services
     def validate_parameters(parameters)
       parameters.each_with_object([]) do |p, array|
         if !p.fixed? && !capabilities_offered.include?(p.variable)
-          array << {name: p.name, variable: p.variable}
+          array << { name: p.name, variable: p.variable }
         end
       end
     end
@@ -142,7 +159,7 @@ module IMS::LTI::Services
         invalid_mhs = validate_message_handlers(rh.messages)
         if !invalid_mhs.empty? || !invalid_message_types.empty?
           hash = {
-              code: rh.resource_type.code,
+            code: rh.resource_type.code,
           }
           hash[:messages] = invalid_mhs unless invalid_mhs.empty?
           hash[:invalid_message_types] = invalid_message_types unless invalid_message_types.empty?
@@ -161,6 +178,5 @@ module IMS::LTI::Services
       hash
     end
 
-
   end
 end

data/lib/ims/lti/services.rb

@@ -1,8 +1,11 @@
 module IMS::LTI
   module Services
+    require_relative 'services/oauth2_client'
     require_relative 'services/tool_proxy_registration_service'
     require_relative 'services/tool_config'
     require_relative 'services/tool_proxy_validator'
     require_relative 'services/message_authenticator'
+    require_relative 'services/tool_consumer_profile_service'
+    require_relative 'services/authentication_service'
   end
-end
+end

data/lib/ims/lti/version.rb

@@ -1,5 +1,5 @@
 module IMS
   module LTI
-    VERSION = "2.0.0.beta.27"
+    VERSION = "2.3.3"
   end
 end

data/lib/ims/lti.rb

@@ -1,17 +1,19 @@
-require 'json'
-require 'securerandom'
-require 'simple_oauth'
+require 'addressable/uri'
+require 'builder'
 require 'faraday'
 require 'faraday_middleware'
-require 'builder'
+require 'json'
+require 'json/jwt'
 require 'rexml/document'
+require 'securerandom'
+require 'simple_oauth'
 
 module IMS
   module LTI
-    require_relative 'lti/models'
     require_relative 'lti/converters'
-    require_relative 'lti/services'
     require_relative 'lti/errors'
+    require_relative 'lti/models'
     require_relative 'lti/serializers'
+    require_relative 'lti/services'
   end
 end

metadata

@@ -1,99 +1,133 @@
 --- !ruby/object:Gem::Specification
 name: ims-lti
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.3.3
 platform: ruby
 authors:
 - Instructure
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-27 00:00:00.000000000 Z
+date: 2023-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: simple_oauth
+  name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 2.5.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 2.5.1
 - !ruby/object:Gem::Dependency
-  name: faraday
+  name: builder
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: faraday_middleware
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: builder
+  name: json-jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: simple_oauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
-  type: :development
+        version: 0.3.1
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
+        version: 0.3.1
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '9.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +162,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.10'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.10'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -151,19 +185,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.10'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.2'
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.2'
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
 description: 
 email: opensource@instructure.com
 executables: []
@@ -189,6 +251,7 @@ files:
 - lib/ims/lti/converters.rb
 - lib/ims/lti/converters/time_json_converter.rb
 - lib/ims/lti/errors.rb
+- lib/ims/lti/errors/authentication_failed_error.rb
 - lib/ims/lti/errors/invalid_lti_config_error.rb
 - lib/ims/lti/errors/invalid_tool_consumer_profile.rb
 - lib/ims/lti/errors/tool_proxy_registration_error.rb
@@ -226,7 +289,7 @@ files:
 - lib/ims/lti/models/messages/message.rb
 - lib/ims/lti/models/messages/registration_request.rb
 - lib/ims/lti/models/messages/request_message.rb
-- lib/ims/lti/models/messages/tool_proxy_reregistration_request.rb
+- lib/ims/lti/models/messages/tool_proxy_update_request.rb
 - lib/ims/lti/models/parameter.rb
 - lib/ims/lti/models/product_family.rb
 - lib/ims/lti/models/product_info.rb
@@ -259,8 +322,11 @@ files:
 - lib/ims/lti/serializers/membership_service/page_serializer.rb
 - lib/ims/lti/serializers/membership_service/person_serializer.rb
 - lib/ims/lti/services.rb
+- lib/ims/lti/services/authentication_service.rb
 - lib/ims/lti/services/message_authenticator.rb
+- lib/ims/lti/services/oauth2_client.rb
 - lib/ims/lti/services/tool_config.rb
+- lib/ims/lti/services/tool_consumer_profile_service.rb
 - lib/ims/lti/services/tool_proxy_registration_service.rb
 - lib/ims/lti/services/tool_proxy_validator.rb
 - lib/ims/lti/version.rb
@@ -283,8 +349,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 3.2.22
 signing_key: 
 specification_version: 4
 summary: Ruby library for creating IMS LTI tool providers and consumers