Community Help

makarenko · ‎06-06-2022

We have set up external apps. Next, we created a module in which there are several launches of LTI to certain courses, in the URL of which a parameter is added to identify the required course on the server. Before sending the request, encryption occurs and oauth_signature is added to the form parameters, but then these custom parameters are duplicated, they are sent both in the query parameters and in the form's parameters, and this, in turn, leads to the fact that the oauth_signature on the server will be different. As a result, we get an Invalid signature error. What are the solutions to this problem?

hanmari · ‎07-06-2022

I am running into this same issue with custom parameters duplicated in the URL query string as well as in the HTTP POST parameters. When Canvas generates the OAuth1 signature it does not double-up on the repeated parameters by default. This seems to deviate from the OAuth1 specification. When configuring your third party app tool you can force Canvas to generate its LTI 1.2 signature in a more compliant manner by supplying an optional XML configuration setting named `oauth_compliant` and setting its value to true. Though obscure, this is mentioned in the Tool XML configuration page:

https://canvas.instructure.com/doc/api/file.tools_xml.html

An Invalid signature error occurs because parameters are duplicated in the LTI request.

Respondus Lockdown Browser -- Allows access to oth...

Submitting Multiple File Types in One Assignment

TimelyCare

Is this a legitimate Canvas link/domain?

idgame

Respondus Lockdown Browser -- Allows access to oth...

Submitting Multiple File Types in One Assignment

TimelyCare

Canvas quizzes and bandwidth

Can't see last row of grade screen

You're signed out

An Invalid signature error occurs because parameters are duplicated in the LTI request.

Community Help

View our top guides and resources: