Hello,
I used https://lti-tool-provider.herokuapp.com/ to test an OAuth request between Canvas and our server. The URL I am hitting is https://localhost/authorization/lti?action=true. My question is why do query string parameters get added to the POST body?
This is causing our signature validation to fail as the two requests do not match. When we check for equality for the two signatures, the one from the LTI Tool Provider Test has one parameter action=true, while when the server constructs the signature it has two action=true (one from the POST body and one from the query string). I have not had this problem when constructing LTI requests with Moodle or Blackboard.
Why does Canvas add query string parameters to the POST body? Am I doing something wrong on my end?
Thank you for your help!
Hi @dbrigham ,
I am going through having a look at some of the early days in the Canvas Developers group, and checking in to see if older enquiries have been answered. I also noticed there hasn’t been any discussion on this question.
I am wondering, were you ever able to resolve this? If you have some insights you may be able to share for others that would be awesome too!
Cheers,
Stuart
There is now a configuration parameter, oauth_compliant, that controls this. Setting it true stops the query parameters being copied to the body.
See "Launch URL's containing query parameters" at Importing Extended Tool Configurations - Canvas LMS REST API Documentation
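The mismatch from the question and the effect of oauth_compliant, as an added example that is not part of the original thread and is not Canvas code: a minimal OAuth 1.0 (RFC 5849) HMAC-SHA1 verifier run against two constructed launches. The key, secret, nonce, timestamp and the helper names are assumptions, and the "legacy" sender is modelled only on the question's description (query parameter copied into the body and signed once).

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def enc(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded
    return quote(str(s), safe="-._~")

def signature(method, url, body_params, consumer_secret):
    """HMAC-SHA1 over the RFC 5849 base string: query AND body parameters count."""
    u = urlsplit(url)
    base_uri = f"{u.scheme}://{u.netloc.lower()}{u.path}"  # default-port stripping omitted
    params = parse_qsl(u.query, keep_blank_values=True) + list(body_params)
    pairs = sorted((enc(k), enc(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), enc(base_uri), enc(normalized)])
    key = f"{enc(consumer_secret)}&".encode()  # LTI 1.x launches have no token secret
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url, body_params, consumer_secret):
    # Recompute from everything received and compare in constant time
    sent = dict(body_params).get("oauth_signature", "")
    return hmac.compare_digest(sent, signature(method, url, body_params, consumer_secret))

# Constructed sample launch; key, secret, nonce and timestamp are made up.
SECRET = "constructed-secret"
URL = "https://localhost/authorization/lti?action=true"
FIELDS = [("oauth_consumer_key", "constructed-key"), ("oauth_nonce", "constructed-nonce"),
          ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "1700000000"),
          ("oauth_version", "1.0"), ("lti_message_type", "basic-lti-launch-request")]

def legacy_launch():
    # Mismatch from the question: action=true copied into the body and signed once
    body = FIELDS + [("action", "true")]
    sig = signature("POST", URL.split("?")[0], body, SECRET)
    return body + [("oauth_signature", sig)]

def compliant_launch():
    # oauth_compliant set to true: action=true stays in the query string only
    return FIELDS + [("oauth_signature", signature("POST", URL, FIELDS, SECRET))]

if __name__ == "__main__":
    print("legacy   :", verify("POST", URL, legacy_launch(), SECRET))
    print("compliant:", verify("POST", URL, compliant_launch(), SECRET))
```

A production verifier also checks that oauth_timestamp is recent and rejects reused oauth_nonce values.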
Hi Stuart,
Kind words, but this came up in Verifying Signature in LTI launch when there are query parameters and I think @justinball might have been the first to mention oauth_compliant in these fora.
Cheers,
Peter
There is also a setting to fix this globally, I believe it is the toggle "Don't Move LTI Query Params to POST Body" in Account > Settings > Feature Options.
Note that this might not be available on some installs. I do not see it on a Canvas hosted installation, but I do have it on my local install.