So, I'm having issues with the Oauth for grade passback...
Here's what my authorization header looks like:
Authorization: Oauth realm="",oauth_body_hash="R5sCV4nD6IEByg4XFIcsuI%2FYCeg%3D",oauth_consumer_key="something",oauth_nonce="blah",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1534621731",oauth_version="1.0",oauth_signature="NCJcDiAzWH7I6hIp3rGlC%2BargkY%3D"
The signature of course is generating using the same method as how I verify it in the initial LTI launch, POST&url&oauthparamsetc.
oauth_body_hash is also taken into account when generating the signature. oauth_body_hash is a SHA1 digest. All params are URIencoded (as you can tell).
I've tested against the lti.tools/oauth tool and I am getting the same signature, so seems like I'm generating that correctly. However, Canvas is always reporting "Invalid authorization header".
Tried against both:
Any ideas what I'm doing wrong?