We're working with assignments that are being submitted to Chalk and Wire via an LTI external tool.
After the link configuration has been performed rightly and the use for some period was normal, there was a vanish of one custom parameter in the calls.
Someone experienced something like that?
I am just a developer and have not worked in the operation to be confidence enough to say that I have seen this.
But if a custom param is missing and the signature still valid, it is likely points to LTI provider registration. You may check the set up using external_tools API. I would also want to check the Referer header in the request where the request came from. There may be other LTI link where I weren't aware of with incorrect configuration. If a custom param is missing and the signature is invalid, this may be anywhere from user's computer to your server.