LTI basic launch oauth signature mismatch
I'm trying to validate the basic LTI launch request by the shared secret with vendor and the received payload in LTI launch request.
Steps which I have done so far is,
1. Remove the oauth_signature key and value from the received payload(POST LTI launch request)
2. Sort the keys of the payload in ascending order
3. Generate a string for each encoded key and encoded values in a loop, for example,
var str = ''";
You can use the page at https://lti.tools/oauth to verify a signature and view the calculation method. Note that, by default, Canvas does not send the correct OAuth signature if your URL includes query parameters unless the oauth_compliant property is set to true.