xAPI authentication

approg Community Member Posts: 258 ♪ Opening Act ♪
There appears to be more than one way to authenticate a user with an xAPI published title and some of the research I've done indicates:
  • The title is expected to do the authentication
  • Titles must be capable of supporting OAuth
  • Users would need an account on the LRS to use 3-legged OAuth
So if a published xAPI title is launched by a user and the title is not within an LMS is the title expected to do the authentication? That is how does a Lectora title know what type of authentication an LRS will require when the title is published for xAPI (Tincan)?

Even is I decide the title is launched with a launch link eg
?endpoint=http://example.scorm.com/lrs/ &auth=OjFjMGY4NTYxNzUwOGI4YWY0NjFkNzU5MWUxMzE1ZGQ1
&actor={ "name" : ["Project Tin Can"], "mbox" : ["mailto:[email protected]"] } &registration=760e3480-ba55-4991-94b0-01820dbd23a2 &activity_id=http://example.scorm.com/tincan/example/simplestatement
how can the link be created without some login procedure:
  1. Hi I'm Antonia
  2. Hi Antonia, what's you password
  3. My password is "blah"
  4. Ok, the courses I can offer you are...
  5. Thanks, give me course 3
  6. Course 3 is launched with an appropriate link
As you can probably tell I'm struggling a bit here with creating an xAPI course that I can just give to the client without needing to deal with lots of other problems. [In the scorm days all I asked was for what version of scorm, what LMS they were intending to use, and whether the LMS opened courses in a new window.]


  • approg
    approg Community Member Posts: 258 ♪ Opening Act ♪
    I'm working my way slowly through the xAPI spec and comparing it to what Lectora publishes and (not surprising) it appears it would only work in two of at least four circumstances xAPI is supposed to support: mbox; mbox_sha1sum; account; and, openid.

    BTW Lectora has code to support "ancient" browsers - which is good as some organisations resist or can't update very often. The JavaScript in the xAPI Tincan functions makes use of arrow functions (=>). Arrow functions are a splendid addition to JavaScript but they are not supported in "ancient" browsers and not by Internet Explorer at all.

    Is the belief that those that still use "ancient" browsers won't be wanting xAPI?