I am working to verify OAuth Signatures coming from our LTI posts.
I am looking for descriptive and detailed documentation on how I should be creating the OAuth Signature on my end. I got the basics of using HMAC-SHA1. I am trying to find the docs describing what EXACTLY should be hashed.
I have poked through your source code and it appears you are using a Canvas-specific Ruby gem for creating this signature. Without me dissecting what you are doing, are there any docs out there?
In searching around I came across this resource. In a Google discussion (https://groups.google.com/forum/#!topic/canvas-lms-users/JfoNmPECpqE), Brad Humphrey says I can use this to "display the oauth base string before it is hashed." Is this still accurate?
This issue refers to some spec docs, but I have not been able to locate those.
Any help and direction would be much appreciated.
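
What gets hashed for an HMAC-SHA1 OAuth 1.0 signature is the signature base string defined in RFC 5849 section 3.4.1. The following is an added example, not part of the original post and not Canvas's own code; the function names, URL, secret and launch fields are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    """Percent-encode per RFC 5849 section 3.6 (only unreserved characters stay literal)."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """Build the signature base string: METHOD & encoded URI & encoded parameters."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if parts.port and (scheme, parts.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{parts.port}"  # only non-default ports are kept
    base_uri = f"{scheme}://{host}{parts.path or '/'}"
    # Every POST field plus any URL query parameter is signed, except oauth_signature.
    pairs = list(params) + parse_qsl(parts.query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; an LTI launch has no token, so token_secret is empty."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def verify(method, url, params, consumer_secret):
    """Recompute the signature and compare it to the posted one in constant time."""
    supplied = dict(params).get("oauth_signature", "")
    return hmac.compare_digest(supplied, sign(method, url, params, consumer_secret))


# Constructed sample launch fields (not real Canvas output).
LAUNCH_URL = "https://tool.example.com/lti/launch"
FIELDS = [
    ("lti_message_type", "basic-lti-launch-request"), ("lti_version", "LTI-1p0"),
    ("resource_link_id", "abc 123"), ("roles", "Learner"),
    ("oauth_consumer_key", "demo-key"), ("oauth_nonce", "n-0001"),
    ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "1400000000"),
    ("oauth_version", "1.0"),
]
```

Logging the output of `base_string` on both sides is the quickest way to find a mismatch; a full verifier should also reject stale `oauth_timestamp` values and reused `oauth_nonce` values.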