Z2jh lti1.3 authentication '_xsrf' argument missing from POST

bpfrd · January 2, 2024, 8:37am

Hello,

I keep getting the below error

403 POST /hub/lti13/oauth_login (10.42.0.1): '_xsrf' argument missing from POST

when using lti13 authentication in z2jh and I’m wondering how I can resolve this issue.

best

mahendrapaipuri · January 2, 2024, 9:30am

Which version of LTI13 are you using? Are you overriding any login form templates?

bpfrd · January 2, 2024, 9:59am

My ltiauthenticator version is 1.3.0. I downloaded it from here GitHub - jupyterhub/ltiauthenticator: A JupyterHub authenticator for LTI and installed it using pip install -e . after modifying __init__ file to:

from ._version import __version__
from .lti11.auth import LTI11Authenticator as LTIAuthenticator
from .lti13.auth import LTI13Authenticator as LTI13Authenticator # this line added

I used the below piece of code in my z2jh values:

hub:
  extraConfig:
    auth: |
        import ltiauthenticator
        import re
        class MyLTI13Authenticator(ltiauthenticator.lti13.auth.LTI13Authenticator):
          def normalize_username(self, username):
            return re.sub(r'[@.]+', '-', username)
            
        c.JupyterHub.authenticator_class = MyLTI13Authenticator
        c.LTI13Authenticator.issuer = "xxxx"
        c.LTI13Authenticator.authorize_url = "xxxx"
        c.LTI13Authenticator.jwks_endpoint = "xxxx"
        c.LTI13Authenticator.client_id = "xxxx"
        c.LTI13Authenticator.username_key = "email"

mahendrapaipuri · January 2, 2024, 10:17am

If you are using latest JupyterHub (>=4), I think you should use latest version of LTI authenticator. From GitHub, I see 1.6.1 is the latest one. Could you try it?

bpfrd · January 2, 2024, 10:40am

Thanks a lot. It worked after installing ltiauthenticator 1.6.1 but I had to add this line to my hub image:

RUN echo "from .lti13.auth import LTI13Authenticator as LTI13Authenticator" >> /usr/local/lib/python3.11/site-packages/ltiauthenticator/__init__.py

Kai_Kugler · March 6, 2025, 6:24pm

i’m using jupyterlab 4.3.5, jupyterhub 5.2.1 with jupyterhub-ltiauthenticator 1.6.2 and get the error for LTI 1.1 connections from Moodle. I already tried to ServerApp.disable_check_xsrf=True but it has no effect at all.
I upgraded my system and now i’m stuck.

rmoreas · July 22, 2025, 3:02pm

I want to migrate from bitnami/jypterhub to z2jh 4.2.0, but I’m also stuck with this.

On the bitnami/jupyterhub deployment, I do not have this issue. Although it uses the same versions:

jupyterhub 5.3.0
jupyterhub-ltiauthenticator 1.6.2

rmoreas · July 22, 2025, 5:42pm

False positive! It was my mistake, the url for the LTI connection was wrongly configured.

Topic		Replies	Views
Z2jh with custom lti1.3 authentication (moodle integration) JupyterHub jupyterhub	2	372	January 2, 2024
JupyterHub with LTI launch JupyterHub jupyterhub , help-wanted	0	468	September 15, 2021
Z2JH with LTIAuthenticator 1.3 (road to Sakai Integration) Zero to JupyterHub on Kubernetes	0	80	June 27, 2024
401 : Unauthorized Audience doesn't match Zero to JupyterHub on Kubernetes jupyterhub	8	553	April 22, 2024
LTi authenticator setup JupyterHub	4	2430	February 28, 2020

Z2jh lti1.3 authentication '_xsrf' argument missing from POST

Related topics