AnsweredAssumed Answered

LTI Grade passback Oauth problems?

Question asked by Sam Yelman on Aug 18, 2018

So, I'm having issues with the Oauth for grade passback...

 

Here's what my authorization header looks like:

 

Authorization: Oauth realm="",oauth_body_hash="R5sCV4nD6IEByg4XFIcsuI%2FYCeg%3D",oauth_consumer_key="something",oauth_nonce="blah",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1534621731",oauth_version="1.0",oauth_signature="NCJcDiAzWH7I6hIp3rGlC%2BargkY%3D"

 

The signature of course is generating using the same method as how I verify it in the initial LTI launch, POST&url&oauthparamsetc.

oauth_body_hash is also taken into account when generating the signature. oauth_body_hash is a SHA1 digest. All params are URIencoded (as you can tell). 

 

I've tested against the lti.tools/oauth tool and I am getting the same signature, so seems like I'm generating that correctly. However, Canvas is always reporting "Invalid authorization header".

 

Tried against both:

https://myinstance.instructure.com/api/lti/v1/tools/9999/grade_passback 

https://myinstance.instructure.com/api/lti/v1/tools/9999/ext_grade_passback 

 

Any ideas what I'm doing wrong?

Outcomes