InteIIigeNET · KirillBorisovich · Nov 30, 2025 · Nov 30, 2025 · Dec 4, 2025 · Dec 5, 2025
diff --git a/.gitignore b/.gitignore
@@ -362,3 +362,4 @@ StyleCop.Cache
 swagger-codegen
 hwproj.front/static_dist/
 hwproj.front/dist/
+.DS_Store
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/CoursesController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/CoursesController.cs
@@ -309,7 +309,8 @@ private async Task<CourseViewModel> ToCourseViewModel(CourseDTO course)
             NewStudents = newStudents.ToArray(),
             Homeworks = course.Homeworks,
             IsCompleted = course.IsCompleted,
-            IsOpen = course.IsOpen
+            IsOpen = course.IsOpen,
+            LtiToolName =  course.LtiToolName,
         };
     }
 }
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/SolutionsController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Controllers/SolutionsController.cs
@@ -139,6 +139,7 @@ public async Task<IActionResult> GetStudentSolution(long taskId, string studentI
         return Ok(new UserTaskSolutionsPageData
         {
             CourseId = course.Id,
+            LtiToolName = course.LtiToolName,
             CourseMates = accounts,
             TaskSolutions = taskSolutions
         });

diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/HwProj.APIGateway.API.csproj b/HwProj.APIGateway/HwProj.APIGateway.API/HwProj.APIGateway.API.csproj
@@ -21,6 +21,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="LtiAdvantage" Version="2.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.20" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.4" />
     <PackageReference Include="AutoMapper" Version="15.0.1" />

diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Configuration/LtiPlatformConfig.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Configuration/LtiPlatformConfig.cs
@@ -0,0 +1,19 @@
+namespace HwProj.APIGateway.API.Lti.Configuration;
+
+public class LtiPlatformConfig
-public class LtiPlatformConfig
+internal class LtiPlatformConfig
-public class LtiPlatformConfig
+internal class LtiPlatformConfig
+{
+    public string Issuer { get; set; }
+    public string OidcAuthorizationEndpoint { get; set; }
+    public string DeepLinkReturnUrl { get; set; }
+    public string ResourceLinkReturnUrl { get; set; }
+    public string AssignmentsGradesEndpoint { get; set; }
+    public string AccessTokenUrl { get; set; }
+    public string JwksEndpoint { get; set; }
+    public LtiSigningKeyConfig SigningKey { get; set; }
+}
+
+public class LtiSigningKeyConfig
-public class LtiSigningKeyConfig
+internal class LtiSigningKeyConfig
-public class LtiSigningKeyConfig
+internal class LtiSigningKeyConfig
+{
+    public string KeyId { get; set; }
+    public string PrivateKeyPem { get; set; }
+}
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Configuration/LtiToolConfig.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Configuration/LtiToolConfig.cs
@@ -0,0 +1,13 @@
+namespace HwProj.APIGateway.API.Lti.Configuration
+{
+    public class LtiToolConfig
-    public class LtiToolConfig
+    internal class LtiToolConfig
-    public class LtiToolConfig
+    internal class LtiToolConfig
+    {
+        public string Name { get; set; }
+        public string Issuer { get; set; } 
+        public string ClientId { get; set; }
+        public string JwksEndpoint { get; set; }
+        public string InitiateLoginUri { get; set; }
+        public string LaunchUrl { get; set; }
+        public string DeepLink { get; set; } 
+    }
+}
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/JwksController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/JwksController.cs
@@ -0,0 +1,57 @@
+using System.Security.Cryptography;
+using HwProj.APIGateway.API.Lti.Configuration;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+
+namespace HwProj.APIGateway.API.Lti.Controllers;
+
+[Route("api/lti")]
+[ApiController]
+public class JwksController(IOptions<LtiPlatformConfig> options) : ControllerBase
+{
+    private readonly LtiPlatformConfig _config = options.Value;
+
+    [HttpGet("jwks")]
+    [AllowAnonymous]
+    public IActionResult GetJwks()
+    {
+        var keyConfig = _config.SigningKey;
+
+        if (string.IsNullOrEmpty(keyConfig?.PrivateKeyPem))
+        {
+            return StatusCode(500, "Signing key is not configured.");
+        }
+
+        using var rsa = RSA.Create();
+        try
+        {
+            rsa.ImportFromPem(keyConfig.PrivateKeyPem);
+        }
+        catch (CryptographicException)
+        {
+            return StatusCode(500, "Invalid Private Key format in configuration.");
+        }
+
+        var publicParams = rsa.ExportParameters(false);
+
+        var jwks = new
+        {
+            keys = new[]
+            {
+                new
+                {
+                    kty = "RSA",
+                    e = Base64UrlEncoder.Encode(publicParams.Exponent),
+                    n = Base64UrlEncoder.Encode(publicParams.Modulus),
+                    kid = keyConfig.KeyId,
+                    alg = "RS256",
+                    use = "sig"
+                }
+            }
+        };
+
+        return Ok(jwks);
+    }
+}
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/LtiAccessTokenController.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/LtiAccessTokenController.cs
@@ -0,0 +1,98 @@
+using System;
+using System.IdentityModel.Tokens.Jwt;
+using System.Threading.Tasks;
+using HwProj.APIGateway.API.Lti.Configuration;
+using HwProj.APIGateway.API.Lti.Services;
+using HwProj.APIGateway.API.LTI.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+
+namespace HwProj.APIGateway.API.Lti.Controllers;
+
+[Route("api/lti")]
+[ApiController]
+public class LtiAccessTokenController(
+    IOptions<LtiPlatformConfig> options,
+    ILtiToolService toolService,
+    ILtiKeyService ltiKeyService,
+    ILtiTokenService tokenService
+    ) : ControllerBase
+{
+    [HttpPost("token")]
+    [AllowAnonymous]
+    public async Task<IActionResult> GetTokenAsync([FromForm] IFormCollection form)
+    {
+        if (!form.TryGetValue("grant_type", out var grantType) || grantType != "client_credentials")
+        {
+            return BadRequest(new { error = "unsupported_grant_type", error_description = "Only 'client_credentials' is supported." });
+        }
+
+        if (!form.TryGetValue("client_assertion_type", out var assertionType) ||
+            assertionType != "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
+        {
+            return BadRequest(new { error = "invalid_request", error_description = "Invalid client_assertion_type." });
+        }
+
+        if (!form.TryGetValue("client_assertion", out var clientAssertion))
+        {
+            return BadRequest(new { error = "invalid_request", error_description = "Missing client_assertion." });
+        }
+
+        var handler = new JwtSecurityTokenHandler();
+        if (!handler.CanReadToken(clientAssertion))
+        {
+            return BadRequest(new { error = "invalid_client", error_description = "Invalid JWT structure." });
+        }
+
+        var unverifiedToken = handler.ReadJwtToken(clientAssertion);
+
+        var clientId = unverifiedToken.Subject;
+
+        var tool = toolService.GetByClientId(clientId);
+        if (tool == null)
+        {
+            return Unauthorized(new { error = "invalid_client", error_description = $"Unknown clientId: {clientId}" });
+        }
+
+        var signingKeys = await ltiKeyService.GetKeysAsync(tool.JwksEndpoint);
+
+        try
+        {
+            var tokenEndpointUrl = options.Value.AccessTokenUrl;
+
+            handler.ValidateToken(clientAssertion, new TokenValidationParameters
+            {
+                ValidateIssuer = true,
+                ValidIssuer = unverifiedToken.Issuer,
+
+                ValidateAudience = true,
+                ValidAudience = tokenEndpointUrl,
+
+                ValidateLifetime = true,
+                ClockSkew = TimeSpan.FromMinutes(5),
+
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKeys = signingKeys
+            }, out _);
+        }
+        catch (Exception ex)
+        {
+            return Unauthorized(new { error = "invalid_client", error_description = $"Token validation failed: {ex.Message}" });
+        }
+
+        const string scope = "https://purl.imsglobal.org/spec/lti-ags/scope/score";
+
+        var accessToken = tokenService.GenerateAccessTokenForLti(tool.ClientId, scope);
+
+        return Ok(new
+        {
+            access_token = accessToken,
+            token_type = "Bearer",
+            expires_in = 3600,
+            scope
+        });
+    }
+}
diff --git a/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/LtiAssignmentsGradesControllers.cs b/HwProj.APIGateway/HwProj.APIGateway.API/Lti/Controllers/LtiAssignmentsGradesControllers.cs
@@ -0,0 +1,99 @@
+using System;
+using System.Collections.Generic;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using HwProj.APIGateway.API.Lti.Services;
+using HwProj.CoursesService.Client;
+using HwProj.Models.SolutionsService;
+using HwProj.SolutionsService.Client;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using LtiAdvantage.AssignmentGradeServices;
+
+namespace HwProj.APIGateway.API.Lti.Controllers;
+
+[Route("api/lti")]
+[ApiController]
+[Authorize(AuthenticationSchemes = "LtiScheme")]
+public class LtiAssignmentsGradesControllers(
+    ICoursesServiceClient coursesServiceClient,
+    ISolutionsServiceClient solutionsClient,
+    ILtiToolService toolService)
+    : ControllerBase
+{
+    [HttpPost("lineItem/{taskId}/scores")]
+    [Consumes("application/json", "application/vnd.ims.lis.v1.score+json")]
+    public async Task<IActionResult> UpdateTaskScore(long taskId, [FromBody] Score score)
+    {
+        var scopeClaim = User.FindFirst("scope")?.Value;
+        if (string.IsNullOrEmpty(scopeClaim) || !scopeClaim.Contains("https://purl.imsglobal.org/spec/lti-ags/scope/score"))
+        {
+            return Forbid();
+        }
+
+        var toolClientId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value
+                           ?? User.FindFirst("sub")?.Value;
+
+        if (string.IsNullOrEmpty(toolClientId))
+        {
+            return Unauthorized("Unknown tool client id.");
+        }
+
+        var tool = toolService.GetByClientId(toolClientId);
+        if (tool == null)
+        {
+            return BadRequest("Tool not found.");
+        }
+
+        var course = await coursesServiceClient.GetCourseByTaskForLti(taskId, score.UserId);
+        if (course == null)
+        {
+            return BadRequest("The task does not belong to any course.");
+        }
+
+        if (course.LtiToolName != tool.Name)
+        {
+            return BadRequest("This tool does not apply to this course.");
+        }
+
+        if (score.ScoreGiven < 0 || score.ScoreGiven > score.ScoreMaximum)
+        {
+            return BadRequest("ScoreGiven must be between 0 and ScoreMaximum.");
+        }
+
+        try
+        {
+            await this.SetTaskGrade(taskId, score);
+            return Ok(new { message = "Score updated successfully" });
+        }
+        catch (KeyNotFoundException ex)
+        {
+            return NotFound(ex.Message);
+        }
+        catch (Exception)
+        {
+            return StatusCode(500, "Internal Server Error");
+        }
+    }
+
+    private async Task SetTaskGrade(long taskId, Score score)
+    {
+        var postSolutionModel = new PostSolutionModel
+        {
+            StudentId = score.UserId,
+            LecturerComment = score.Comment,
+            Rating =  (int)Math.Round(score.ScoreGiven)
+        };
+
+
+        var solutionId = await solutionsClient.PostSolutionForLti(taskId, postSolutionModel);
+
+        var rate = new RateSolutionModel
+        {
+            Rating = (int)Math.Round(score.ScoreGiven),
+            LecturerComment = score.Comment
+        };
+
+        await solutionsClient.RateSolutionForLti(solutionId, rate);
+    }
+}