LTI POST Request with Query String Parameters
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I used https://lti-tool-provider.herokuapp.com/ to test an OAuth request between Canvas and our server. The URL I am hitting is https://localhost/authorization/lti?action=true. My question is why do query string parameters get added to the POST body?
This is causing our signature validation to fail as the two requests do not match. When we check for equality for the two signatures the one from the LTI Tool Provider Test has one parameter action=true while when the server constructs the signature it has two action=true (one from the POST body and one from the query string). I have not had this problem when constructing LTI requests with Moodle or Blackboard.
Why does Canvas add query string parameters to the POST body? Am I doing something wrong on my end?
Thank you for your help!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is now a configuration parameter, oauth_compliant, that controls this. Setting it true stops the query parameters being copied to the body.
See "Launch URL's containing query parameters" at Importing Extended Tool Configurations - Canvas LMS REST API Documentation
