Functions
catch(ilCmiXapiException $e)	send ($response)

Variables
	$tokenRestriction = true
	see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should always be a valid json object check oneway fetching is optional: More...

	$origParam = $_GET['param']

if(!isset($origParam)\|\|!strlen($origParam))	try

	$param

	$_COOKIE [session_name()] = $param[session_name()]

	$_COOKIE ['ilClientId'] = $param['ilClientId']

	$objId = $param['obj_id']

	$refId = $param['ref_id']

	$DIC = $GLOBALS['DIC']

	$token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId())

if($object->getContentType()==ilObjCmiXapi::CONT_TYPE_CMI5) if($object->isBypassProxyEnabled())	else

	$response = array("auth-token" => $authToken)

Function Documentation

◆ send()

catch (ilCmiXapiException $e) send ( $response )

Definition at line 82 of file xapitoken.php.

References $_SERVER, $response, and exit.

Referenced by ilRegistrationMimeMailNotification\__construct(), ilMailSummaryNotification\__construct(), ilAccountMail\addAttachments(), soap_client\call(), nusoap_client\call(), and soap_transport_http\sendHTTPS().

 {
     header('Access-Control-Allow-Origin: ' . $_SERVER["HTTP_ORIGIN"]);
     header('Access-Control-Allow-Credentials: true');
     header('Content-type:application/json;charset=utf-8');
     echo json_encode($response);
     exit;
 }

Here is the caller graph for this function:

Variable Documentation

◆ $_COOKIE [1/2]

$_COOKIE[session_name()] = $param[session_name()]

Definition at line 37 of file xapitoken.php.

Referenced by ilPDOAuthentication\__construct(), ilStartUpGUI\_checkGoto(), ilSession\_destroy(), ilTinyMCE\addCustomRTESupport(), ilTinyMCE\addRTESupport(), ilTestInfoScreenToolbarGUI\buildSessionLockString(), ilSessionControl\checkExpiredSession(), ilContainerGUI\cloneAllObject(), ilObjectCopyGUI\copyContainer(), ilInitialisation\determineClient(), ilSCORMOfflineModeGUI\executeCommand(), ilDclContentExporter\exportAsync(), ilContainerGUI\fileManagerLaunchObject(), ShibWAYF\generateSelection(), ilLTIViewGUI\getCookieValue(), assJavaAppletGUI\getPreview(), assFlashQuestionGUI\getSolutionOutput(), assJavaAppletGUI\getSolutionOutput(), assFlashQuestionGUI\getTestOutput(), assJavaAppletGUI\getTestOutput(), CAS_Client\handleLogoutRequests(), ilSoapAdministration\initAuth(), ilECSTaskScheduler\initNextExecution(), ilSoapUserAdministration\login(), ilSoapUserAdministration\loginStudipUser(), ilLTIViewGUI\logout(), ilCalendarRemoteAccessHandler\parseRequest(), ILIAS\UI\Implementation\Component\Layout\Page\Renderer\renderStandardPage(), ilInitialisation\resumeUserSession(), ILIAS\BackgroundTasks\Implementation\TaskManager\AsyncTaskManager\run(), ilUtil\setCookie(), ShibWAYF\setSAMLCookie(), ilPlainTextHandler\tables(), and ilLoggingErrorFileStorage\tables().

◆ $_COOKIE [2/2]

$_COOKIE[ 'ilClientId'] = $param['ilClientId']

Definition at line 38 of file xapitoken.php.

◆ $DIC

$DIC = $GLOBALS['DIC']

Definition at line 44 of file xapitoken.php.

◆ $objId

$objId = $param['obj_id']

Definition at line 39 of file xapitoken.php.

Referenced by ilUserDefinedFieldsPlaceholderValues\__construct(), ilSoapStructureObject\__construct(), ilSoapRepositoryStructureObject\__construct(), ilTestPlaceholderValues\__construct(), ilDefaultPlaceholderValues\__construct(), ilDclDetailedViewGUI\__construct(), ilObjCourseReferenceAccess\_preloadData(), ilObjChatroom\cloneObject(), ilCertificateTemplateRepository\deleteTemplate(), ilCmiXapiAuthToken\deleteTokenByObjIdAndRefIdAndUsrId(), ilCmiXapiAuthToken\deleteTokenByObjIdAndUsrId(), ilObjCourseGUI\deliverCertificateObject(), ilLPStatusLtiOutcome\ensureObject(), ilLPStatusCmiXapiAbstract\ensureObject(), Certificate\API\Filter\UserDataFilter\ensureValidUniqueObjIds(), ilCmiXapiAuthToken\fillToken(), ilCmiXapiContentUploadImporter\generateActivityId(), ilCourseMailTemplateMemberContext\getCachedPeriodByObjId(), ilCourseMailTemplateTutorContext\getCachedPeriodByObjId(), ilLPStatusCmiXapiAbstract\getCmixUserResult(), ilCertificateCron\getDefaultScheduleValue(), ilCertificateGUI\getEditorForm(), ilCertificateObjectLPHelper\getInstance(), ilSoapStructureObjectFactory\getInstance(), ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId(), ilCmiXapiAuthToken\getInstanceByObjIdAndUsrId(), XapiProxy\XapiProxyPolyFill\getLrsType(), ilLPStatusLtiOutcome\getLtiUserResult(), ilPDSelectedItemsBlockMembershipsProvider\getObjectsByMembership(), ilLTIConsumerResult\getResultsForObject(), ilForumDraftsDerivedTaskProvider\getTasks(), ilLPStatusCmiXapiAbstract\getUserIdsByLpStatusNum(), ilLPStatusTestPassed\getUserIdsByResultArrayStatus(), ilCmiXapiAuthToken\insertToken(), ilObjChatroomAccess\isActivated(), ilCertificateActiveAction\isObjectActive(), ilObjTest\lookupQuestionSetType(), ilContentPageDataSet\readData(), ilXapiResultsCronjob\run(), ilObjLTIConsumerVerificationGUI\save(), ilObjCmiXapiVerificationGUI\save(), ilCertificateTemplateRepository\save(), ilUserCertificateRepository\save(), ilObjChatroomGUI\settings(), and assQuestion\syncWithOriginal().

◆ $origParam

$origParam = $_GET['param']

Definition at line 19 of file xapitoken.php.

◆ $param

$param

Initial value:

= json_decode(openssl_decrypt(
        $param,
        ilCmiXapiAuthToken::OPENSSL_ENCRYPTION_METHOD,
        ilCmiXapiAuthToken::getWacSalt(),
        0,
        ilCmiXapiAuthToken::OPENSSL_IV
    ), true)

Definition at line 29 of file xapitoken.php.

Referenced by ilCombinationInputGUI\__call(), Text_Diff_Renderer\__construct(), ilStartUpGUI\_checkGoto(), ilHistory\_createEntry(), ilNotificationOSDHandler\appendParamToLink(), base(), ilCmiXapiLaunchGUI\buildAuthTokenFetchParam(), ILIAS\GlobalScreen\Scope\Layout\Factory\AbstractLayoutModification\checkClosure(), ilOrgUnitStaffGUI\confirmRemoveUser(), ilObjLinkResourceGUI\deleteParameter(), ilObjLinkResourceGUI\deleteParameterForm(), ilErrorHandling\devmodeHandler(), ilFileUtils\fastGZip(), ilWebResourceEditableLinkTableGUI\fillRow(), ilCmiXapiLaunchGUI\getAuthTokenFetchLink(), ilObjQuestionPoolListGUI\getCommandLink(), ilObjTestListGUI\getCommandLink(), ilObjLTIConsumer\getCustomParams(), LSUrlBuilder\getHref(), ilForumXMLParser\getIdAndAliasArray(), ILIAS\Data\URI\getParameter(), LSUrlBuilder\getURL(), ilWACPath\handleParameters(), ilWebLinkXmlParser\handlerBeginTag(), ilWebLinkXmlParser\handlerEndTag(), ilPCSection\insertTimings(), soap_server\invoke_method(), nusoap_server\invoke_method(), ilPortfolioPageGUI\makePlaceHoldersClickable(), ilPCPlaceHolder\modifyPageContentPostXsl(), ilPCLearningHistory\modifyPageContentPostXsl(), ilPCContentInclude\modifyPageContentPostXsl(), ilPCPlugged\modifyPageContentPostXsl(), ilPCMap\modifyPageContentPostXsl(), ilNoteGUI\notifyObserver(), ilICalParser\parseLine(), ilVirusScannerICapRemote\parseResponse(), ilLSPlayer\play(), assJavaAppletGUI\populateQuestionSpecificFormPart(), ilLanguageFile\read(), ilInitialisation\redirect(), ilICalParser\storeItems(), assJavaAppletExport\toXML(), ilLinkResourceItems\toXML(), ilLearningModuleKioskModeView\updateGet(), ilObjLinkResourceGUI\updateLinks(), ilLSPlayer\updateViewState(), and ilICalParser\writeEvent().

◆ $refId

$refId = $param['ref_id']

Definition at line 40 of file xapitoken.php.

Referenced by ilSoapRepositoryStructureObject\__construct(), ilQuestionPoolSkillAdministrationGUI\__construct(), ilTestSkillAdministrationGUI\__construct(), ilObjTestGUI\__construct(), ilObjContentPageGUI\_goto(), Certificate\API\Data\UserCertificateDto\addRefId(), ilObjTestDynamicQuestionSetConfig\areDepenciesInVulnerableState(), ilSoapTestAdministration\checkManageParticipantsAccess(), ilSoapTestAdministration\checkParticipantsResultsAccess(), ilChatroom\checkPermissions(), ilPollBlockGUI\commentJSCall(), ilObjForumNotificationDataProvider\createRecipientArray(), ilCmiXapiAuthToken\deleteTokenByObjIdAndRefIdAndUsrId(), ilCmiXapiAuthToken\fillToken(), ilCmiXapiAuthToken\getCmi5SessionByUsrIdAndObjIdAndRefId(), ilTestRandomQuestionSetConfig\getCommaSeparatedSourceQuestionPoolLinks(), ilBlogDraftsDerivedTaskProvider\getFirstRefIdWithPermission(), ilForumDraftsDerivedTaskProvider\getFirstRefIdWithPermission(), ilCmiXapiAuthToken\getInstanceByObjIdAndRefIdAndUsrId(), ilPDSelectedItemsBlockMembershipsProvider\getObjectsByMembership(), ilTestQuestionBrowserTableGUI\getQuestionParentObjIds(), ilTestExpressPage\getReturnToPageLink(), ilObjTestDynamicQuestionSetConfig\getSourceQuestionPoolLink(), ilObjTestDynamicQuestionSetConfig\getSourceQuestionPoolSummaryString(), ilBlogDraftsDerivedTaskProvider\getTasks(), ilForumDraftsDerivedTaskProvider\getTasks(), ilSoapTestAdministration\getTestAccess(), ilCertificateAppEventListener\handleLPUpdate(), ilCmiXapiAuthToken\insertToken(), ilObjChatroomAccess\isActivated(), ilPDSelectedItemsBlockViewGUI\isRootNode(), ilUserCertificateGUI\listCertificates(), ilPDSelectedItemsBlockMembershipsViewGUI\mayRemoveItem(), ilMailGroupAddressType\resolve(), ilCertificateSettingsCourseFormRepository\save(), ilObjChatroomAccessTest\test_checkAccessReturnFalse(), and ilObjChatroomAccessTest\test_checkAccessReturnTrueWithRbacAccess().

◆ $response

$response = array("auth-token" => $authToken)

Definition at line 75 of file xapitoken.php.

Referenced by send().

◆ $token

$token = ilCmiXapiAuthToken::getInstanceByObjIdAndRefIdAndUsrId($objId, $refId, $DIC->user()->getId())

Definition at line 52 of file xapitoken.php.

Referenced by XapiProxy\XapiProxy\__construct(), XapiProxy\XapiProxyPolyFill\__construct(), OAuthSignatureMethod_HMAC_SHA1\build_signature(), OAuthSignatureMethod_PLAINTEXT\build_signature(), OAuthRequest\build_signature(), ilCmiXapiLaunchGUI\buildLaunchLink(), ilObjLTIConsumer\buildLaunchParameters(), ilDclExpressionParser\calculateFunctions(), ilPersonalProfileGUI\changeEmail(), OAuthServer\check_nonce(), OAuthSignatureMethod\check_signature(), OAuthServer\check_signature(), ilWebDAVDBManager\checkIfLockExistsInDB(), ilCmiXapiLaunchGUI\CMI5preLaunch(), ilChatroomTabGUIFactory\convertUnderscoreCaseToLowerCamelCaseConversion(), ilCalendarSubscriptionGUI\createToken(), ilAuthProviderOpenIdConnect\doAuthentication(), EvalMath\evaluate(), OAuthServer\fetch_access_token(), OAuthServer\fetch_request_token(), OAuthRequest\from_consumer_and_token(), EvalMath\from_hexbin(), OAuthServer\get_token(), ilCmiXapiLaunchGUI\getLaunchParameters(), ilLTIConsumerContentGUI\getLaunchParameters(), ilWebDAVDBManager\getLockObjectWithTokenFromDB(), ilWACTokenTest\getModifiedSignedPath(), ILIAS\User\Profile\ProfileChangeMailTokenDBRepository\getNewTokenForUser(), ilLTIConsumerContentGUI\getStartButtonTxt11(), ilCmiXapiLaunchGUI\getValidToken(), ilPersonalProfileGUI\goToEmailConfirmation(), ilLTIConsumerResultService\handleRequest(), ilECSParticipantSettingsGUI\initFormSettings(), ilDclExpressionParser\isMathToken(), ilCmiXapiLaunchGUI\launchCmd(), ilDclExpressionParser\parse(), ilLangDeprecated\parseCodeFile(), ilDclExpressionParser\parseMath(), EvalMath\pfx(), ilWebDAVDBManager\removeLockWithTokenFromDB(), OAuthRequest\sign_request(), ilDclExpressionParser\substituteFieldValues(), XapiProxy\XapiProxy\token(), and OAuthServer\verify_request().

◆ $tokenRestriction

$tokenRestriction = true

see: https://github.com/AICC/CMI-5_Spec_Current/blob/quartz/cmi5_spec.md#fetch_url response should always be a valid json object check oneway fetching is optional:

The AU SHOULD NOT attempt to retrieve the authorization token more than once. The fetch URL is a "one-time use" URL and subsequent uses SHOULD generate an error (see Section 8.2.3).

On reloading the initial content page it will send the exact url twice, should we really restrict this behavior? If there are issues on page reload it might be useful to set $tokenRestriction = false .

Definition at line 17 of file xapitoken.php.