Help with LTI Authorization Header for Grade Passback

SamStephens
Community Member

I've been working with an LTI app that should be able to pass grades back to the LMS.

I'm using curl in PHP to pass the POST request back to Canvas. I went through the steps to generate the authorization header, but I keep getting an "Invalid authorization header" response.

I'm not sure how to best troubleshoot this error. Does it come up only when the header isn't formatted correctly, or could it be that my signature or something else isn't generating properly?

Below is the header information spit out by the curl info, mildly redacted:

POST /api/lti/v1/tools/555/grade_passback HTTP/2
Host: my.host.com
accept: */*
authorization: OAuth realm="", oauth_consumer_key="12345", oauth_signature_method="HMAC-SHA1", oauth_signature="IaocPBad0I8YRLIiOgPRRy9ayKY%3D", oauth_timestamp="1607615826", oauth_nonce="1607615826", oauth_version="1.0", oauth_body_hash="d357c33dc75166fc98bda47997477ddf651e4bff"
content-type: application/xml
content-length: 817

 

1 Solution
svickers2
Community Contributor

Have you checked that your signature is correct? (For example, use a page like the one at https://lti.tools/oauth to check the calculation.) If that is correct, has your nonce value been used before? Or double-check the body hash.

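The three checks suggested in the answer above (signature, nonce, body hash), as an added PHP example that is not code from the original posts or from Canvas. The consumer secret, XML body and `https://` scheme are constructed placeholders, and the function names are hypothetical. Under the OAuth body hash extension, `oauth_body_hash` is the base64 of the raw SHA-1 digest (28 characters), whereas the value in the posted header is 40 hex characters, which is what PHP's `sha1()` returns by default.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 Authorization header for an LTI grade passback POST.

function oauth_encode(string $s): string {
    return rawurlencode($s); // RFC 3986 percent-encoding, as OAuth 1.0 requires
}

function lti_body_hash(string $body): string {
    // Raw (binary) digest, then base64. sha1($body) alone yields hex, which will not verify.
    return base64_encode(sha1($body, true));
}

function lti_auth_header(string $url, string $key, string $secret, string $body): string {
    $params = [
        'oauth_body_hash'        => lti_body_hash($body),
        'oauth_consumer_key'     => $key,
        'oauth_nonce'            => bin2hex(random_bytes(16)), // fresh per request, never reused
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) time(),
        'oauth_version'          => '1.0',
    ];
    // Assumption: $url carries no query string; any query parameters would be signed too.
    ksort($params);
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = oauth_encode($k) . '=' . oauth_encode($v);
    }
    // Signature base string: METHOD & encoded URL & encoded, sorted parameter string
    $base = 'POST&' . oauth_encode($url) . '&' . oauth_encode(implode('&', $pairs));
    $signingKey = oauth_encode($secret) . '&'; // empty token secret after the '&'
    $params['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $signingKey, true));

    $parts = [];
    foreach ($params as $k => $v) {
        $parts[] = $k . '="' . oauth_encode($v) . '"'; // encode every value in the header
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

// Constructed sample input; replace with the real endpoint, credentials and XML.
$url    = 'https://my.host.com/api/lti/v1/tools/555/grade_passback';
$body   = '<imsx_POXEnvelopeRequest>constructed sample body</imsx_POXEnvelopeRequest>';
$header = lti_auth_header($url, '12345', 'PLACEHOLDER_SECRET', $body);

echo lti_body_hash($body), PHP_EOL; // 28 base64 characters ending in '='
echo $header, PHP_EOL;
```

The bytes sent as the POST body must be exactly the bytes that were hashed; pass the header to curl through `CURLOPT_HTTPHEADER` together with `Content-Type: application/xml`.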