@lti-tool/core 0.11.0 → 0.12.0

package/dist/schemas/lti13/dynamicRegistration/openIDConfiguration.schema.d.ts

@@ -0,0 +1,59 @@
+import * as z from 'zod';
+/**
+ * Zod schema for LTI platform-specific configuration within OpenID Connect Discovery.
+ * Contains LTI-specific metadata about the platform's capabilities and supported features.
+ *
+ * @property product_family_code - Platform identifier (e.g., 'moodle', 'canvas', 'sakai')
+ * @property version - Platform version string
+ * @property messages_supported - Array of LTI message types the platform supports
+ * @property variables - Optional array of custom variable names the platform supports
+ */
+export declare const ltiPlatformConfigurationSchema: z.ZodObject<{
+    product_family_code: z.ZodString;
+    version: z.ZodString;
+    messages_supported: z.ZodArray<z.ZodObject<{
+        type: z.ZodString;
+        placements: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$loose>>;
+    variables: z.ZodOptional<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+/**
+ * Zod schema for validating OpenID Connect Discovery configuration from LTI 1.3 platforms.
+ * This configuration is fetched during dynamic registration to discover platform endpoints,
+ * supported features, and security requirements. Used to validate the response from the
+ * platform's /.well-known/openid_configuration endpoint.
+ *
+ * @property issuer - Platform's issuer URL (must match hostname of configuration endpoint)
+ * @property authorization_endpoint - OAuth 2.0 authorization endpoint for LTI launches
+ * @property registration_endpoint - Dynamic registration endpoint for tool registration
+ * @property jwks_uri - JSON Web Key Set endpoint for signature verification
+ * @property token_endpoint - OAuth 2.0 token endpoint for service access tokens
+ * @property scopes_supported - Array of OAuth scopes the platform supports (AGS, NRPS, etc.)
+ * @property https://purl.imsglobal.org/spec/lti-platform-configuration - LTI-specific platform metadata
+ */
+export declare const openIDConfigurationSchema: z.ZodObject<{
+    issuer: z.ZodURL;
+    authorization_endpoint: z.ZodURL;
+    registration_endpoint: z.ZodURL;
+    jwks_uri: z.ZodURL;
+    token_endpoint: z.ZodURL;
+    token_endpoint_auth_methods_supported: z.ZodArray<z.ZodString>;
+    token_endpoint_auth_signing_alg_values_supported: z.ZodArray<z.ZodString>;
+    scopes_supported: z.ZodArray<z.ZodString>;
+    response_types_supported: z.ZodArray<z.ZodString>;
+    id_token_signing_alg_values_supported: z.ZodArray<z.ZodString>;
+    claims_supported: z.ZodArray<z.ZodString>;
+    subject_types_supported: z.ZodArray<z.ZodString>;
+    authorization_server: z.ZodOptional<z.ZodString>;
+    'https://purl.imsglobal.org/spec/lti-platform-configuration': z.ZodObject<{
+        product_family_code: z.ZodString;
+        version: z.ZodString;
+        messages_supported: z.ZodArray<z.ZodObject<{
+            type: z.ZodString;
+            placements: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$loose>>;
+        variables: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>;
+}, z.core.$loose>;
+export type OpenIDConfiguration = z.infer<typeof openIDConfigurationSchema>;
+//# sourceMappingURL=openIDConfiguration.schema.d.ts.map

package/dist/schemas/lti13/dynamicRegistration/openIDConfiguration.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openIDConfiguration.schema.d.ts","sourceRoot":"","sources":["../../../../src/schemas/lti13/dynamicRegistration/openIDConfiguration.schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB;;;;;;;;GAQG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;iBAYzC,CAAC;AAEH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;iBAkB5B,CAAC;AAEX,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC"}

package/dist/schemas/lti13/dynamicRegistration/openIDConfiguration.schema.js

@@ -0,0 +1,53 @@
+import * as z from 'zod';
+/**
+ * Zod schema for LTI platform-specific configuration within OpenID Connect Discovery.
+ * Contains LTI-specific metadata about the platform's capabilities and supported features.
+ *
+ * @property product_family_code - Platform identifier (e.g., 'moodle', 'canvas', 'sakai')
+ * @property version - Platform version string
+ * @property messages_supported - Array of LTI message types the platform supports
+ * @property variables - Optional array of custom variable names the platform supports
+ */
+export const ltiPlatformConfigurationSchema = z.object({
+    product_family_code: z.string(),
+    version: z.string(),
+    messages_supported: z.array(z
+        .object({
+        type: z.string(),
+        placements: z.array(z.string()).optional(),
+    })
+        .loose()),
+    variables: z.array(z.string()).optional(),
+});
+/**
+ * Zod schema for validating OpenID Connect Discovery configuration from LTI 1.3 platforms.
+ * This configuration is fetched during dynamic registration to discover platform endpoints,
+ * supported features, and security requirements. Used to validate the response from the
+ * platform's /.well-known/openid_configuration endpoint.
+ *
+ * @property issuer - Platform's issuer URL (must match hostname of configuration endpoint)
+ * @property authorization_endpoint - OAuth 2.0 authorization endpoint for LTI launches
+ * @property registration_endpoint - Dynamic registration endpoint for tool registration
+ * @property jwks_uri - JSON Web Key Set endpoint for signature verification
+ * @property token_endpoint - OAuth 2.0 token endpoint for service access tokens
+ * @property scopes_supported - Array of OAuth scopes the platform supports (AGS, NRPS, etc.)
+ * @property https://purl.imsglobal.org/spec/lti-platform-configuration - LTI-specific platform metadata
+ */
+export const openIDConfigurationSchema = z
+    .object({
+    issuer: z.url(),
+    authorization_endpoint: z.url(),
+    registration_endpoint: z.url(),
+    jwks_uri: z.url(),
+    token_endpoint: z.url(),
+    token_endpoint_auth_methods_supported: z.array(z.string()),
+    token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
+    scopes_supported: z.array(z.string()),
+    response_types_supported: z.array(z.string()),
+    id_token_signing_alg_values_supported: z.array(z.string()),
+    claims_supported: z.array(z.string()),
+    subject_types_supported: z.array(z.string()),
+    authorization_server: z.string().optional(),
+    'https://purl.imsglobal.org/spec/lti-platform-configuration': ltiPlatformConfigurationSchema,
+})
+    .loose();

package/dist/schemas/lti13/dynamicRegistration/registrationRequest.schema.d.ts

@@ -0,0 +1,7 @@
+import * as z from 'zod';
+export declare const RegistrationRequestSchema: z.ZodObject<{
+    openid_configuration: z.ZodURL;
+    registration_token: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type RegistrationRequest = z.infer<typeof RegistrationRequestSchema>;
+//# sourceMappingURL=registrationRequest.schema.d.ts.map

package/dist/schemas/lti13/dynamicRegistration/registrationRequest.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registrationRequest.schema.d.ts","sourceRoot":"","sources":["../../../../src/schemas/lti13/dynamicRegistration/registrationRequest.schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,eAAO,MAAM,yBAAyB;;;iBAGpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC"}

package/dist/schemas/lti13/dynamicRegistration/registrationRequest.schema.js

@@ -0,0 +1,5 @@
+import * as z from 'zod';
+export const RegistrationRequestSchema = z.object({
+    openid_configuration: z.url(),
+    registration_token: z.string().optional(),
+});

package/dist/schemas/lti13/dynamicRegistration/registrationResponse.schema.d.ts

@@ -0,0 +1,73 @@
+import * as z from 'zod';
+/**
+ * Zod schema for validating LTI 1.3 dynamic registration response from platforms.
+ * This response is returned after successfully registering a tool with an LTI platform.
+ * Contains the registered client credentials and configuration that the tool needs to store.
+ *
+ * @property client_id - Unique client identifier assigned by the platform
+ * @property registration_client_uri - Optional URI for managing this registration
+ * @property registration_access_token - Optional token for registration management
+ * @property application_type - Always 'web' for LTI tools
+ * @property response_types - OAuth response types, always ['id_token'] for LTI
+ * @property grant_types - OAuth grant types supported ('implicit', 'client_credentials')
+ * @property initiate_login_uri - Tool's login initiation endpoint
+ * @property redirect_uris - Array of valid redirect URIs for the tool
+ * @property client_name - Human-readable name of the registered tool
+ * @property jwks_uri - Tool's JSON Web Key Set endpoint for signature verification
+ * @property logo_uri - Optional URL to the tool's logo image
+ * @property token_endpoint_auth_method - Always 'private_key_jwt' for LTI 1.3
+ * @property contacts - Optional array of contact email addresses
+ * @property scope - Optional OAuth scopes granted to the tool
+ * @property https://purl.imsglobal.org/spec/lti-tool-configuration - LTI-specific tool configuration
+ */
+export declare const RegistrationResponseSchema: z.ZodObject<{
+    client_id: z.ZodString;
+    registration_client_uri: z.ZodOptional<z.ZodURL>;
+    registration_access_token: z.ZodOptional<z.ZodString>;
+    application_type: z.ZodLiteral<"web">;
+    response_types: z.ZodArray<z.ZodLiteral<"id_token">>;
+    grant_types: z.ZodArray<z.ZodEnum<{
+        implicit: "implicit";
+        client_credentials: "client_credentials";
+    }>>;
+    initiate_login_uri: z.ZodURL;
+    redirect_uris: z.ZodArray<z.ZodURL>;
+    client_name: z.ZodString;
+    jwks_uri: z.ZodURL;
+    logo_uri: z.ZodUnion<[z.ZodOptional<z.ZodURL>, z.ZodLiteral<"">]>;
+    token_endpoint_auth_method: z.ZodLiteral<"private_key_jwt">;
+    contacts: z.ZodOptional<z.ZodArray<z.ZodEmail>>;
+    scope: z.ZodUnion<[z.ZodOptional<z.ZodString>, z.ZodLiteral<"">]>;
+    'https://purl.imsglobal.org/spec/lti-tool-configuration': z.ZodObject<{
+        domain: z.ZodString;
+        target_link_uri: z.ZodOptional<z.ZodURL>;
+        custom_parameters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        claims: z.ZodArray<z.ZodString>;
+        messages: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"LtiResourceLinkRequest">;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"LtiDeepLinkingRequest">;
+            target_link_uri: z.ZodOptional<z.ZodURL>;
+            label: z.ZodOptional<z.ZodString>;
+            placements: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                ContentArea: "ContentArea";
+                RichTextEditor: "RichTextEditor";
+                CourseNavigation: "CourseNavigation";
+            }>>>;
+            supported_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                file: "file";
+                ltiResourceLink: "ltiResourceLink";
+                html: "html";
+                link: "link";
+                image: "image";
+            }>>>;
+            supported_media_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            custom_parameters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        }, z.core.$strip>], "type">>;
+        version: z.ZodOptional<z.ZodString>;
+        deployment_id: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type RegistrationResponse = z.infer<typeof RegistrationResponseSchema>;
+//# sourceMappingURL=registrationResponse.schema.d.ts.map

package/dist/schemas/lti13/dynamicRegistration/registrationResponse.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registrationResponse.schema.d.ts","sourceRoot":"","sources":["../../../../src/schemas/lti13/dynamicRegistration/registrationResponse.schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA0BzB;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAiBrC,CAAC;AAEH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC"}

package/dist/schemas/lti13/dynamicRegistration/registrationResponse.schema.js

@@ -0,0 +1,61 @@
+import * as z from 'zod';
+import { LTIMessagesArraySchema } from './ltiMessages.schema';
+/**
+ * Zod schema for LTI tool configuration within dynamic registration response.
+ * Contains tool-specific metadata returned by the platform after successful registration.
+ *
+ * @property domain - Tool's domain name for security validation
+ * @property target_link_uri - Optional default launch URL for the tool
+ * @property custom_parameters - Optional custom parameters passed to the tool
+ * @property claims - Array of JWT claims the tool requires (e.g., 'iss', 'sub', 'name', 'email')
+ * @property messages - Array of LTI message types the tool supports
+ * @property version - Optional tool version string
+ * @property deployment_id - Optional deployment identifier assigned by the platform
+ */
+const LTIToolConfigurationResponseSchema = z.object({
+    domain: z.string(),
+    target_link_uri: z.url().optional(),
+    custom_parameters: z.record(z.string(), z.string()).optional(),
+    claims: z.array(z.string()),
+    messages: LTIMessagesArraySchema,
+    version: z.string().optional(),
+    deployment_id: z.string().optional(),
+});
+/**
+ * Zod schema for validating LTI 1.3 dynamic registration response from platforms.
+ * This response is returned after successfully registering a tool with an LTI platform.
+ * Contains the registered client credentials and configuration that the tool needs to store.
+ *
+ * @property client_id - Unique client identifier assigned by the platform
+ * @property registration_client_uri - Optional URI for managing this registration
+ * @property registration_access_token - Optional token for registration management
+ * @property application_type - Always 'web' for LTI tools
+ * @property response_types - OAuth response types, always ['id_token'] for LTI
+ * @property grant_types - OAuth grant types supported ('implicit', 'client_credentials')
+ * @property initiate_login_uri - Tool's login initiation endpoint
+ * @property redirect_uris - Array of valid redirect URIs for the tool
+ * @property client_name - Human-readable name of the registered tool
+ * @property jwks_uri - Tool's JSON Web Key Set endpoint for signature verification
+ * @property logo_uri - Optional URL to the tool's logo image
+ * @property token_endpoint_auth_method - Always 'private_key_jwt' for LTI 1.3
+ * @property contacts - Optional array of contact email addresses
+ * @property scope - Optional OAuth scopes granted to the tool
+ * @property https://purl.imsglobal.org/spec/lti-tool-configuration - LTI-specific tool configuration
+ */
+export const RegistrationResponseSchema = z.object({
+    client_id: z.string(),
+    registration_client_uri: z.url().optional(),
+    registration_access_token: z.string().optional(),
+    application_type: z.literal('web'),
+    response_types: z.array(z.literal('id_token')),
+    grant_types: z.array(z.enum(['implicit', 'client_credentials'])), // Note: "implicit" not "implict"
+    initiate_login_uri: z.url(),
+    redirect_uris: z.array(z.url()),
+    client_name: z.string(),
+    jwks_uri: z.url(),
+    logo_uri: z.url().optional().or(z.literal('')),
+    token_endpoint_auth_method: z.literal('private_key_jwt'),
+    contacts: z.array(z.email()).optional(),
+    scope: z.string().optional().or(z.literal('')),
+    'https://purl.imsglobal.org/spec/lti-tool-configuration': LTIToolConfigurationResponseSchema,
+});

package/dist/schemas/lti13/dynamicRegistration/toolRegistrationPayload.schema.d.ts

@@ -0,0 +1,103 @@
+import * as z from 'zod';
+/**
+ * Zod schema for LTI tool configuration section within tool registration payload.
+ * Contains LTI-specific metadata about the tool being registered with the platform.
+ *
+ * @property domain - Tool's domain name for security validation and CORS policies
+ * @property description - Optional human-readable description of the tool's purpose
+ * @property target_link_uri - Default launch URL where the platform should send LTI requests
+ * @property claims - Array of JWT claims the tool requires from launch requests (e.g., 'iss', 'sub', 'name', 'email')
+ * @property messages - Array of LTI message types the tool supports (ResourceLink, DeepLinking, etc.)
+ */
+declare const LTIToolConfigurationSchema: z.ZodObject<{
+    domain: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+    target_link_uri: z.ZodURL;
+    claims: z.ZodArray<z.ZodString>;
+    messages: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"LtiResourceLinkRequest">;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"LtiDeepLinkingRequest">;
+        target_link_uri: z.ZodOptional<z.ZodURL>;
+        label: z.ZodOptional<z.ZodString>;
+        placements: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            ContentArea: "ContentArea";
+            RichTextEditor: "RichTextEditor";
+            CourseNavigation: "CourseNavigation";
+        }>>>;
+        supported_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            file: "file";
+            ltiResourceLink: "ltiResourceLink";
+            html: "html";
+            link: "link";
+            image: "image";
+        }>>>;
+        supported_media_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        custom_parameters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    }, z.core.$strip>], "type">>;
+}, z.core.$strip>;
+/**
+ * Zod schema for validating LTI 1.3 dynamic registration payload sent to platforms.
+ * This payload is constructed by the tool and sent to the platform's registration endpoint
+ * to register the tool and request specific OAuth scopes and LTI services.
+ *
+ * @property application_type - Always 'web' for LTI tools
+ * @property response_types - OAuth response types, always ['id_token'] for LTI 1.3
+ * @property grant_types - OAuth grant types requested ('implicit' for launches, 'client_credentials' for services)
+ * @property initiate_login_uri - Tool's login initiation endpoint for OIDC flow
+ * @property redirect_uris - Array of valid redirect URIs where the platform can send responses
+ * @property client_name - Human-readable name of the tool being registered
+ * @property jwks_uri - Tool's JSON Web Key Set endpoint for signature verification
+ * @property logo_uri - Optional URL to the tool's logo image
+ * @property scope - Optional OAuth scopes being requested (AGS, NRPS, etc.)
+ * @property token_endpoint_auth_method - Always 'private_key_jwt' for LTI 1.3 security
+ * @property https://purl.imsglobal.org/spec/lti-tool-configuration - LTI-specific tool configuration
+ */
+export declare const ToolRegistrationPayloadSchema: z.ZodObject<{
+    application_type: z.ZodLiteral<"web">;
+    response_types: z.ZodArray<z.ZodLiteral<"id_token">>;
+    grant_types: z.ZodArray<z.ZodEnum<{
+        implicit: "implicit";
+        client_credentials: "client_credentials";
+    }>>;
+    initiate_login_uri: z.ZodURL;
+    redirect_uris: z.ZodArray<z.ZodURL>;
+    client_name: z.ZodString;
+    jwks_uri: z.ZodURL;
+    logo_uri: z.ZodOptional<z.ZodURL>;
+    scope: z.ZodOptional<z.ZodString>;
+    token_endpoint_auth_method: z.ZodLiteral<"private_key_jwt">;
+    'https://purl.imsglobal.org/spec/lti-tool-configuration': z.ZodObject<{
+        domain: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        target_link_uri: z.ZodURL;
+        claims: z.ZodArray<z.ZodString>;
+        messages: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"LtiResourceLinkRequest">;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"LtiDeepLinkingRequest">;
+            target_link_uri: z.ZodOptional<z.ZodURL>;
+            label: z.ZodOptional<z.ZodString>;
+            placements: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                ContentArea: "ContentArea";
+                RichTextEditor: "RichTextEditor";
+                CourseNavigation: "CourseNavigation";
+            }>>>;
+            supported_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                file: "file";
+                ltiResourceLink: "ltiResourceLink";
+                html: "html";
+                link: "link";
+                image: "image";
+            }>>>;
+            supported_media_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            custom_parameters: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        }, z.core.$strip>], "type">>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type ToolRegistrationPayload = z.infer<typeof ToolRegistrationPayloadSchema>;
+export type LTIToolConfiguration = z.infer<typeof LTIToolConfigurationSchema>;
+export {};
+//# sourceMappingURL=toolRegistrationPayload.schema.d.ts.map

package/dist/schemas/lti13/dynamicRegistration/toolRegistrationPayload.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolRegistrationPayload.schema.d.ts","sourceRoot":"","sources":["../../../../src/schemas/lti13/dynamicRegistration/toolRegistrationPayload.schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAIzB;;;;;;;;;GASG;AACH,QAAA,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAM9B,CAAC;AAEH;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAYxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AACpF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC"}

package/dist/schemas/lti13/dynamicRegistration/toolRegistrationPayload.schema.js

@@ -0,0 +1,49 @@
+import * as z from 'zod';
+import { LTIMessagesArraySchema } from './ltiMessages.schema';
+/**
+ * Zod schema for LTI tool configuration section within tool registration payload.
+ * Contains LTI-specific metadata about the tool being registered with the platform.
+ *
+ * @property domain - Tool's domain name for security validation and CORS policies
+ * @property description - Optional human-readable description of the tool's purpose
+ * @property target_link_uri - Default launch URL where the platform should send LTI requests
+ * @property claims - Array of JWT claims the tool requires from launch requests (e.g., 'iss', 'sub', 'name', 'email')
+ * @property messages - Array of LTI message types the tool supports (ResourceLink, DeepLinking, etc.)
+ */
+const LTIToolConfigurationSchema = z.object({
+    domain: z.string(),
+    description: z.string().optional(),
+    target_link_uri: z.url(),
+    claims: z.array(z.string()),
+    messages: LTIMessagesArraySchema,
+});
+/**
+ * Zod schema for validating LTI 1.3 dynamic registration payload sent to platforms.
+ * This payload is constructed by the tool and sent to the platform's registration endpoint
+ * to register the tool and request specific OAuth scopes and LTI services.
+ *
+ * @property application_type - Always 'web' for LTI tools
+ * @property response_types - OAuth response types, always ['id_token'] for LTI 1.3
+ * @property grant_types - OAuth grant types requested ('implicit' for launches, 'client_credentials' for services)
+ * @property initiate_login_uri - Tool's login initiation endpoint for OIDC flow
+ * @property redirect_uris - Array of valid redirect URIs where the platform can send responses
+ * @property client_name - Human-readable name of the tool being registered
+ * @property jwks_uri - Tool's JSON Web Key Set endpoint for signature verification
+ * @property logo_uri - Optional URL to the tool's logo image
+ * @property scope - Optional OAuth scopes being requested (AGS, NRPS, etc.)
+ * @property token_endpoint_auth_method - Always 'private_key_jwt' for LTI 1.3 security
+ * @property https://purl.imsglobal.org/spec/lti-tool-configuration - LTI-specific tool configuration
+ */
+export const ToolRegistrationPayloadSchema = z.object({
+    application_type: z.literal('web'),
+    response_types: z.array(z.literal('id_token')),
+    grant_types: z.array(z.enum(['implicit', 'client_credentials'])),
+    initiate_login_uri: z.url(),
+    redirect_uris: z.array(z.url()),
+    client_name: z.string(),
+    jwks_uri: z.url(),
+    logo_uri: z.url().optional(),
+    scope: z.string().optional(),
+    token_endpoint_auth_method: z.literal('private_key_jwt'),
+    'https://purl.imsglobal.org/spec/lti-tool-configuration': LTIToolConfigurationSchema,
+});

package/dist/services/dynamicRegistration.service.d.ts

@@ -0,0 +1,121 @@
+import type { BaseLogger } from 'pino';
+import type { DynamicRegistrationConfig } from '../interfaces/ltiConfig.js';
+import type { LTIDynamicRegistrationSession } from '../interfaces/ltiDynamicRegistrationSession.js';
+import type { LTIStorage } from '../interfaces/ltiStorage.js';
+import type { DynamicRegistrationForm } from '../schemas/lti13/dynamicRegistration/ltiDynamicRegistration.schema.js';
+import { type OpenIDConfiguration } from '../schemas/lti13/dynamicRegistration/openIDConfiguration.schema.js';
+import type { RegistrationRequest } from '../schemas/lti13/dynamicRegistration/registrationRequest.schema.js';
+/**
+ * Service for handling LTI 1.3 dynamic registration workflows.
+ *
+ * Provides a complete implementation of the LTI 1.3 Dynamic Registration specification,
+ * enabling tools to automatically register with LTI platforms without manual configuration.
+ * Handles the full registration lifecycle from initiation to completion with security validation.
+ *
+ * ## Key Features
+ * - **Platform Discovery**: Fetches and validates OpenID Connect configuration from LTI platforms
+ * - **Security Validation**: Enforces hostname matching and session-based CSRF protection
+ * - **Vendor Support**: Provides platform-specific registration forms (Moodle, with extensibility for Canvas, Sakai, etc.)
+ * - **Service Selection**: Allows administrators to choose which LTI Advantage services to enable (AGS, NRPS, Deep Linking)
+ * - **Automatic Storage**: Persists client and deployment configurations for future launches
+ *
+ * ## Registration Flow
+ * 1. **Initiation**: Platform redirects to tool with registration request
+ * 2. **Discovery**: Tool fetches platform's OpenID Connect configuration
+ * 3. **Form Generation**: Tool presents service selection form to administrator
+ * 4. **Registration**: Tool submits registration payload to platform
+ * 5. **Storage**: Tool stores received client credentials and deployment information
+ *
+ * ## Security Features
+ * - Session-based registration with 15-minute expiration
+ * - CSRF protection via secure session tokens
+ * - Hostname validation between OIDC endpoint and issuer
+ * - One-time session consumption to prevent replay attacks
+ *
+ * @example
+ * ```typescript
+ * const service = new DynamicRegistrationService(
+ *   storage,
+ *   dynamicRegistrationConfig,
+ *   logger
+ * );
+ *
+ * // Initiate registration
+ * const formHtml = await service.initiateDynamicRegistration(request, '/lti/register');
+ *
+ * // Complete registration
+ * const successHtml = await service.completeDynamicRegistration(formData);
+ * ```
+ *
+ * @see https://www.imsglobal.org/spec/lti-dr/v1p0 LTI 1.3 Dynamic Registration specification
+ */
+export declare class DynamicRegistrationService {
+    private storage;
+    private dynamicRegistrationConfig;
+    private logger;
+    constructor(storage: LTIStorage, dynamicRegistrationConfig: DynamicRegistrationConfig, logger: BaseLogger);
+    /**
+     * Fetches and validates the OpenID Connect configuration from an LTI platform during dynamic registration.
+     * Validates that the OIDC endpoint and issuer have matching hostnames for security.
+     *
+     * @param registrationRequest - Registration request containing openid_configuration URL and optional registration_token
+     * @returns Validated OpenID configuration with platform endpoints and supported features
+     * @throws {Error} When the configuration fetch fails, validation fails, or hostname mismatch detected
+     */
+    fetchPlatformConfiguration(registrationRequest: RegistrationRequest): Promise<OpenIDConfiguration>;
+    /**
+     * Initiates LTI 1.3 dynamic registration by fetching platform configuration and generating registration form.
+     * Creates a temporary session and returns vendor-specific HTML form for service selection.
+     *
+     * @param registrationRequest - Registration request containing openid_configuration URL and optional registration_token
+     * @param requestPath - Current request path used to build form action URLs
+     * @returns HTML form for service selection and registration completion
+     * @throws {Error} When platform configuration fetch fails or session creation fails
+     */
+    initiateDynamicRegistration(registrationRequest: RegistrationRequest, requestPath: string): Promise<string>;
+    /**
+     * Completes LTI 1.3 dynamic registration by processing form submission and storing client configuration.
+     * Validates session, registers with platform, stores client/deployment data, and returns success page.
+     *
+     * @param dynamicRegistrationForm - Validated form data containing selected services and session token
+     * @returns HTML success page with registration details and close button
+     * @throws {Error} When session is invalid, registration fails, or storage operations fail
+     */
+    completeDynamicRegistration(dynamicRegistrationForm: DynamicRegistrationForm): Promise<string>;
+    /**
+     * Verifies and consumes a registration session token for security validation.
+     * Retrieves the session data and immediately deletes it to prevent replay attacks.
+     *
+     * @param sessionToken - UUID session token from the registration form
+     * @returns Session data if valid and not expired, undefined otherwise
+     */
+    verifyRegistrationSession(sessionToken: string): Promise<LTIDynamicRegistrationSession | undefined>;
+    /**
+     * Builds array of LTI message types based on selected services during registration.
+     * Always includes ResourceLinkRequest, conditionally adds DeepLinkingRequest.
+     *
+     * @param selectedServices - Array of service names selected by administrator
+     * @param deepLinkingUri - URI where deep linking requests should be sent
+     * @returns Array of LTI message configurations for the registration payload
+     */
+    private buildMessages;
+    /**
+     * Builds array of OAuth scopes based on selected LTI services during registration.
+     * Maps service selections to their corresponding LTI Advantage scope URIs.
+     *
+     * @param selectedServices - Array of service names selected by administrator ('ags', 'nrps', etc.)
+     * @returns Array of OAuth scope URIs to request from the platform
+     */
+    private buildScopes;
+    /**
+     * Constructs the complete tool registration payload for platform submission.
+     * Combines tool configuration, selected services, and OAuth parameters into LTI 1.3 registration format.
+     *
+     * @param selectedServices - Array of service names selected by administrator
+     * @returns Complete registration payload ready for platform submission
+     */
+    private buildRegistrationPayload;
+    private validateDynamicRegistrationResponse;
+    private getRegistrationSuccessHtml;
+}
+//# sourceMappingURL=dynamicRegistration.service.d.ts.map

package/dist/services/dynamicRegistration.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dynamicRegistration.service.d.ts","sourceRoot":"","sources":["../../src/services/dynamicRegistration.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAEvC,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAC5E,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,gDAAgD,CAAC;AACpG,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,uEAAuE,CAAC;AAErH,OAAO,EACL,KAAK,mBAAmB,EAEzB,MAAM,oEAAoE,CAAC;AAC5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oEAAoE,CAAC;AAS9G;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,qBAAa,0BAA0B;IAEnC,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,yBAAyB;IACjC,OAAO,CAAC,MAAM;gBAFN,OAAO,EAAE,UAAU,EACnB,yBAAyB,EAAE,yBAAyB,EACpD,MAAM,EAAE,UAAU;IAG5B;;;;;;;OAOG;IACG,0BAA0B,CAC9B,mBAAmB,EAAE,mBAAmB,GACvC,OAAO,CAAC,mBAAmB,CAAC;IAkC/B;;;;;;;;OAQG;IACG,2BAA2B,CAC/B,mBAAmB,EAAE,mBAAmB,EACxC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,CAAC;IAsClB;;;;;;;OAOG;IACG,2BAA2B,CAC/B,uBAAuB,EAAE,uBAAuB,GAC/C,OAAO,CAAC,MAAM,CAAC;IAoDlB;;;;;;OAMG;IACG,yBAAyB,CAC7B,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,6BAA6B,GAAG,SAAS,CAAC;IAQrD;;;;;;;OAOG;IACH,OAAO,CAAC,aAAa;IAoBrB;;;;;;OAMG;IACH,OAAO,CAAC,WAAW;IAoBnB;;;;;;OAMG;IACH,OAAO,CAAC,wBAAwB;YAkClB,mCAAmC;IAgBjD,OAAO,CAAC,0BAA0B;CAiDnC"}