exp

lti/views.py

@@ -109,6 +109,8 @@ class OIDCLoginView(View):
                     params = {
                         'response_type': 'id_token',
                         'redirect_uri': target_link_uri,
+                        # PyLTI1p3 OIDCLogin.redirect() sets cookie with state
+                        # But Moodle might need it in the return
                         'state': state,
                         'client_id': client_id,
                         'login_hint': login_hint,
@@ -157,8 +159,20 @@ class LaunchView(View):
                 raise ValueError("Missing id_token in launch request")
 
             unverified = jwt.decode(id_token, options={"verify_signature": False})
+
+            # Debug logging
+            print("LTI LAUNCH UNVERIFIED HEADER:", jwt.get_unverified_header(id_token))
+            print("LTI LAUNCH UNVERIFIED PAYLOAD:", unverified)
+
             iss = unverified.get('iss')
+
+            # Handle Moodle issuer variations (some versions have trailing slash)
+            # Check exact match first, then try with/without slash
+            # This is a common issue with LTI 1.3 integrations
             aud = unverified.get('aud')
+            if isinstance(aud, list):
+                aud = aud[0]
+
             try:
                 platform = LTIPlatform.objects.get(platform_id=iss, client_id=aud)
             except LTIPlatform.DoesNotExist: