You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, when an LTI tool registers a user in BlockPy, it uses their email address to recognize them. However, it was pointed out that email addresses can change. Instead, we should apparently use the SISID as a more stable mechanism. This might be as easy as a new column for users, but I think to do this properly we actually need to have a separate table or move the mechanism into the Authentication table.
We'd need to also investigate whether this fix would A) work with every LMS, and B) avoid breaking existing data for other schools. Finally, I'd want to assess what added security risk storing these SISIDs would have.
It's possible this should all be in Version 6 as part of the major architectural changes.
The text was updated successfully, but these errors were encountered:
Currently, when an LTI tool registers a user in BlockPy, it uses their email address to recognize them. However, it was pointed out that email addresses can change. Instead, we should apparently use the SISID as a more stable mechanism. This might be as easy as a new column for users, but I think to do this properly we actually need to have a separate table or move the mechanism into the Authentication table.
We'd need to also investigate whether this fix would A) work with every LMS, and B) avoid breaking existing data for other schools. Finally, I'd want to assess what added security risk storing these SISIDs would have.
It's possible this should all be in Version 6 as part of the major architectural changes.
The text was updated successfully, but these errors were encountered: