LTI launch requires launch URL

[elliottyates]

If I'm reading the LTI spec correctly, launch_url and secure_launch_url are not required by a valid configuration. This seems to be supported by the way Canvas, for one, supports domain-wide launch authorization: https://github.com/instructure/canvas-lms/blob/release/2019-01-05.12/doc/api/tools_xml.md#domain-matching-name-only-privacy-level.

I've gotten around this issue by reparsing the ToolConfig as XML and removing those nodes before providing the config to the tool consumer. I'm curious as to whether I'm going about this all wrong, or whether anyone else would have this use case.

Thanks for the great work on this library.

[ryanhiebert]

Interesting, I've never heard of the domain tag, or the ability to do LTI launches from arbitrary URLs in the tool consumer. I agree that it appears that launch_url and secure_launch_url are then not required. Would you care to make a patch to fix it?

P.S. I found this helpful when I was trying to figure out what this was for, especially the graphic lower down the page. https://community.canvaslms.com/thread/14437-what-is-the-purpose-of-the-domain-field-in-an-lti-config

[elliottyates]

Thanks @ryanhiebert for your confirmation. We'll try to get a patch out for it sometime, maybe the next time we touch that part of our code. Cheers!