Help with LTI Authorization Header for Grade Passback
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been working with an LTI app that should be able to pass grades back to the LMS.
I'm using curl in PHP to pass the POST request back to Canvas. I went through the steps to generate the authorization header, but I keep getting an "Invalid authorization header" response.
I'm not sure how to best troubleshoot this error. Does it come up only with the header isn't formatted correctly, or could it be that my signature or something else isn't generating properly?
Below is the header information spit out by the curl info, mildly redacted:
POST /api/lti/v1/tools/555/grade_passback HTTP/2
Host: my.host.com
accept: */*
authorization: OAuth realm="", oauth_consumer_key="12345", oauth_signature_method="HMAC-SHA1", oauth_signature="IaocPBad0I8YRLIiOgPRRy9ayKY%3D", oauth_timestamp="1607615826", oauth_nonce="1607615826", oauth_version="1.0", oauth_body_hash="d357c33dc75166fc98bda47997477ddf651e4bff"
content-type: application/xml
content-length: 817
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you checked that your signature is correct? (For example, use a page like the one at https://lti.tools/oauth to check the calculation.) If that is correct, has your nonce value been used before? Or double-check the body hash.