Community help

SamStephens · ‎12-10-2020

I've been working with an LTI app that should be able to pass grades back to the LMS.

I'm using curl in PHP to pass the POST request back to Canvas. I went through the steps to generate the authorization header, but I keep getting an "Invalid authorization header" response.

I'm not sure how to best troubleshoot this error. Does it come up only with the header isn't formatted correctly, or could it be that my signature or something else isn't generating properly?

Below is the header information spit out by the curl info, mildly redacted:

POST /api/lti/v1/tools/555/grade_passback HTTP/2
Host: my.host.com
accept: */*
authorization: OAuth realm="", oauth_consumer_key="12345", oauth_signature_method="HMAC-SHA1", oauth_signature="IaocPBad0I8YRLIiOgPRRy9ayKY%3D", oauth_timestamp="1607615826", oauth_nonce="1607615826", oauth_version="1.0", oauth_body_hash="d357c33dc75166fc98bda47997477ddf651e4bff"
content-type: application/xml
content-length: 817

svickers2 · ‎12-10-2020

Have you checked that your signature is correct? (For example, use a page like the one at https://lti.tools/oauth to check the calculation.) If that is correct, has your nonce value been used before? Or double-check the body hash.

View solution in original post

svickers2 · ‎12-10-2020

Have you checked that your signature is correct? (For example, use a page like the one at https://lti.tools/oauth to check the calculation.) If that is correct, has your nonce value been used before? Or double-check the body hash.

SamStephens · ‎12-10-2020

Thanks for the suggestions. It turns out my signature wasn't generating properly. I got that fixed, and I'm getting XML back.

I keep getting "Request could not be handled. ¯\_(ツ)_/¯". I know this isn't the same problem as the original question, but do you know of any documentation where I can get more information on this message?

SamStephens · ‎12-11-2020

I found the issue with the XML I was sending.

Thanks again for pointing me in the right troubleshooting direction.

mindcycle · ‎01-11-2021

Question here -- if the signature is not correct there should be no XML returned, correct? I am troubleshooting an LTI passback error, but since I am usually getting other errors back I am thinking OAuth is not this issue.

SamStephens · ‎01-11-2021

In my experience getting this to work, I didn't get any XML back until the signature was correct.

svickers2 · ‎01-12-2021

I think all requests should receive an XML response. The imsx_statusInfo section is used to indicate the success or failure of the operation to the sender. The key paragraph of the spec is:

See “Table A1.2 Interpretation of the ‘CodeMajor/severity’ matrix” from IMS General Web Services WSDL Binding Guidelines [GWS-10] for further details on header values for 'unsupported' or 'failure' responses.

mindcycle · ‎01-11-2021

@svickers2 any chance you can take a look at this and share your thoughts?

Help with LTI Authorization Header for Grade Passback

authorization

development

headers

LTI

Donot have valid data to test certain APIs

Getting Canvas LTI Data

Is it posible to get the self_enrollment_code trou...

Display LTI content in pages from Editor LTI Place...

Media Plugin for Canvas LMS

UI for weekly progression idea

Is the ‘Enable self assessment’ field available in...

Canvas Rubrics API Criteria

api/v1/courses/sis_course_id:{id#}/sections - Not ...

add `desc` or `asc` to a few api calls that are al...

You're signed out

Help with LTI Authorization Header for Grade Passback

Community help

View our top guides and resources: