Z2jh lti1.3 authentication '_xsrf' argument missing from POST


I keep getting the below error

403 POST /hub/lti13/oauth_login ( '_xsrf' argument missing from POST

when using lti13 authentication in z2jh and I’m wondering how I can resolve this issue.


Which version of LTI13 are you using? Are you overriding any login form templates?

My ltiauthenticator version is 1.3.0. I downloaded it from here GitHub - jupyterhub/ltiauthenticator: A JupyterHub authenticator for LTI and installed it using pip install -e . after modifying __init__ file to:

from ._version import __version__
from .lti11.auth import LTI11Authenticator as LTIAuthenticator
from .lti13.auth import LTI13Authenticator as LTI13Authenticator # this line added

I used the below piece of code in my z2jh values:

    auth: |
        import ltiauthenticator
        import re
        class MyLTI13Authenticator(ltiauthenticator.lti13.auth.LTI13Authenticator):
          def normalize_username(self, username):
            return re.sub(r'[@.]+', '-', username)
        c.JupyterHub.authenticator_class = MyLTI13Authenticator
        c.LTI13Authenticator.issuer = "xxxx"
        c.LTI13Authenticator.authorize_url = "xxxx"
        c.LTI13Authenticator.jwks_endpoint = "xxxx"
        c.LTI13Authenticator.client_id = "xxxx"
        c.LTI13Authenticator.username_key = "email"

If you are using latest JupyterHub (>=4), I think you should use latest version of LTI authenticator. From GitHub, I see 1.6.1 is the latest one. Could you try it?

1 Like

Thanks a lot. It worked after installing ltiauthenticator 1.6.1 but I had to add this line to my hub image:

RUN echo "from .lti13.auth import LTI13Authenticator as LTI13Authenticator" >> /usr/local/lib/python3.11/site-packages/ltiauthenticator/__init__.py
1 Like