[Question] Is it possible to bypass authentication for /api route calls? #264
Description
Hello, thank you for creating this library. It has been a really huge help to us. I would like to like to ask if it's possible to create /api routes that bypass the ltik authentication
Describe the bug
I want to create a route to register/unregister platforms via /api route over http requests. However, when I added the routes, it requires ltik authentication. In the logs it says provider:main No ltik found +1ms.
Here's a sample code base: https://github.com/jmarioste/lti-server-test
And here's the link to the API routes : https://github.com/jmarioste/lti-server-test/blob/main/src/api_routes.ts
Expected behavior
Is it possible to bypass the ltik authentication so that I can create a basic authentication via api_key instead?
Provider logs
Copy of the relevant provider logs.
- Run code with debug flag:
DEBUG=provider:* npm start. - Copy logs relevant to the issue.
LTI server is running on port 3005
provider:main Receiving request at path: /api/platforms +21s
provider:main Path does not match reserved endpoints +0ms
provider:main Cookies received: +0ms
provider:main [Object: null prototype] {} +0ms
provider:main No ltik found +1ms
provider:main Request body: {
platformUrl: 'https://sandbox.moodledemo.net',
platformName: 'Moodle',
clientId: 'H4cEfvqM1G0XWzV',
authEndpoint: 'https://sandbox.moodledemo.net/mod/lti/auth.php',
accesstokenEndpoint: 'https://sandbox.moodledemo.net/mod/lti/token.php',
authConfig: {
method: 'JWK_SET',
key: 'https://sandbox.moodledemo.net/mod/lti/certs.php'
}
} +0ms
provider:main Passing request to invalid token handler +0ms
Screenshots
N/A
Ltijs version
- "ltijs": "^5.9.7",
NodeJS version
- v22.11.0
Platform used
- N/A moodle
Additional context
Add any other context about the problem here.