Community Member

LTI Grade Passback POST Auth

I am developing an LTI provider app, which has been going great, up until I tried to build out the Grade Passback feature. (Grade Passback Tools - Canvas LMS REST API Documentation). I am able to POST the necessary XML string/content to the provided lis_outcome_service_url but when I do, I receive an "Invalid authorization header" error. I assume that I am missing the required OAuth headers from my POST request, but I'm not even sure what I'm missing or how to implement the missing header(s). I am developing in PHP and using the Guzzle library to perform my POST request. Can someone please enlighten me on what I'm doing wrong or how I can go about fulfilling the required authorization for my POST request?

7 Replies
Community Team

 @jsample1 ‌, given the technical nature of this question, we've shared it with the Canvas Developers‌ and Canvas Admins‌ to attract the attention of your peers in the field.

Community Champion

If you are doing this without using an LTI library, have a look at sections 4.2 and 4.3 in Learning Tools Interoperability v1.1 Implementation Guide | IMS Global Learning Consortium

You should have an authorisation header with various things in it.  An example is:

authorization:  OAuth realm="", oauth_body_hash="d5u2V4v0m8lAyTgFIKxlLRKo8V0%3D", oauth_consumer_key="", oauth_nonce="0fb28abd43683718af83", oauth_signature="gs%2B2mslCMYhnAXfWwuy3AEIL5ec%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1530656215", oauth_version="1.0"

Community Member

Thanks for your response Peter.  I've been able to generate the necessary Authorization header now, but I'm still unable to get things working properly.  I keep getting a "422 Unprocessable Entity" error.  Here is my exact Authorization header value:

OAuth oauth_consumer_key="demooneclicktesteverything_5b3698d6d155e", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_nonce="Flu6E", oauth_timestamp="1530661043", oauth_signature="TgIZd79j1Xp23tcNgjmrbYvVOyc%253D"

I am using the PHP class within this library to generate the oauth_signature value: GitHub - jrconlin/oauthsimple: Simple, standardized OAuth signature generator 

One thing that I'm unsure of is what the URL or Path value should be when generating the oauth_signature... is it the same URL that the Canvas App POSTs to? Or is the URL that the user is on when I attempt to make the Grade Passback call? And I've been specifying the URL as a POST method, but should it be GET instead?

Anyway, I've been going crazy trying to get it working, so any help that you can offer would be greatly appreciated!

Community Champion

It's the Canvas URL that you are posting to (lis_outcome_service_url).  It's a post.

Note that you should really also be including the oauth_body_hash.  I think Canvas will let you get away without this, but if you want your tool to work elsewhere you should be including it ( ).

You could try launching your tool and sending a grade back with the saLTIre consumer emulator (LTI Tool Consumer emulator).  It will let you see the things sent/received and information about errors/failures.
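
The signing steps described in the two replies above, as an added example (not code from any poster, from Canvas, or from the OAuthSimple library): it builds the OAuth 1.0 `Authorization` header for an LTI 1.1 outcomes POST, including `oauth_body_hash`, signing the `lis_outcome_service_url` with method POST. The function name `ltiOutcomeAuthHeader`, the URL, key, secret and XML body are constructed placeholders; it assumes simple scalar query parameters and no explicit default port in the URL.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 header with oauth_body_hash for an LTI 1.1 outcomes POST.
function ltiOutcomeAuthHeader(string $url, string $xmlBody, string $key, string $secret): string
{
    $oauth = [
        // base64 of the raw SHA-1 digest of the exact bytes that will be sent as the body
        'oauth_body_hash'        => base64_encode(sha1($xmlBody, true)),
        'oauth_consumer_key'     => $key,
        'oauth_nonce'            => bin2hex(random_bytes(16)),
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) time(),
        'oauth_version'          => '1.0',
    ];

    // Query parameters on the service URL are signed together with the oauth_* values.
    $parts = parse_url($url);
    parse_str($parts['query'] ?? '', $query);
    $enc = [];
    foreach ($oauth + $query as $k => $v) {
        $enc[rawurlencode((string) $k)] = rawurlencode((string) $v);
    }
    ksort($enc, SORT_STRING);                       // sort by encoded parameter name
    $pairs = [];
    foreach ($enc as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }

    // Base string: METHOD & encoded URL without query & encoded parameter string.
    $baseUrl = strtolower($parts['scheme'] . '://' . $parts['host'])
        . (isset($parts['port']) ? ':' . $parts['port'] : '') . ($parts['path'] ?? '/');
    $baseString = 'POST&' . rawurlencode($baseUrl) . '&' . rawurlencode(implode('&', $pairs));

    // LTI 1.1 has no token, so the key is the encoded shared secret followed by "&".
    $signingKey = rawurlencode($secret) . '&';
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $baseString, $signingKey, true));

    $fields = [];
    foreach ($oauth as $k => $v) {
        // Encode each value exactly once: "=" becomes %3D. A value ending in %253D
        // has been percent-encoded twice.
        $fields[] = $k . '="' . rawurlencode($v) . '"';
    }
    return 'OAuth ' . implode(', ', $fields);
}

// Constructed placeholders; in a real tool these come from the LTI launch and tool configuration.
$url  = 'https://lms.example.test/outcomes?tool=1';
$body = '<?xml version="1.0" encoding="UTF-8"?><imsx_POXEnvelopeRequest/>';
echo ltiOutcomeAuthHeader($url, $body, 'placeholder_key', 'placeholder_secret'), PHP_EOL;
```

The request body sent by the HTTP client must be byte-for-byte the string that was hashed, otherwise the consumer's recomputed `oauth_body_hash` will not match.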

Community Member

I updated my code to use the `list_outcome_service_url` value as the Path/URL (as well as using POST) when generating the `oauth_signature`, but still getting that dreadful 422 error.  Here is the exact error: 

Client error: `POST` resulted in a `422 Unprocessable Entity`

I plan on adding the `oauth_body_hash` parameter back in once I get the call to succeed, but for now I'm just focused on getting past the 422 error.  Here is the full code I'm using to generate the signature:

$oauth = new \OAuthSimple($request['oauth_consumer_key'], $shared_secret);
$sig = $oauth->sign();


Any other ideas on what might be going on?

Community Coach

Hello there,  @jsample1 ...

I have been reviewing older questions here in the Canvas Community, and I stumbled upon your question.  While I don't necessarily have an answer for you, I wanted to check in with you because I noticed that there hasn't been any new activity in this topic since your posting on the evening of July 3, 2018.  In reviewing your conversation with pklove, it looks as though you may not have found a solution to your question so far.  Is this still the case?  Or, have you been able to get this resolved? If you've been able to resolve this, would you be willing to share what you have learned back here in the Community so that others might be able to see it, too?  If you're still looking for some help, however, please come back to this thread to provide us with an update so that someone from the Community might be able to assist you.  For the time being, I am going to mark your question as "Assumed Answered" mainly because there hasn't been any new activity in this topic for over five months.  However, that will not prevent you or others from posting additional questions and/or comments below that are related to this topic.  I hope that's alright with you, Jay.  Looking forward to hearing back from you soon.

Community Member

Hi, I am trying to send grades back to canvas by posting to lis_outcome_service_url but getting 422 error. 

When I simulate same call using POSTMAN, I get 'Session Timeout'  but if I send same request again I get Success message and grade goes to canvas. 

When I try to do the same with Laravel Guzzle implementation  I get 'Session Timeout' response on each request.

Someone please help me to resolve this