I am trying to combine the Signature verification example from Peter Love in this discussion:
with the following tutorial:
I can test the Signature verification example in the Canvas Dev and Friends course, module 2, and it works fine. I am using my own domain on https.
By following the tutorial, I can add an app. I am using the same Consumer Key and Shared Secret as in the course. However, when I launch the same url from as in the LTI tutorial, I get an "Invalid signature" error. I can print out the body of the request with all parameters. oauth_consumer_key is right, I do not check for oauth_nonce, oauth_timestamp is present and is supposed to get checked by ims-lti. How to troubleshoot this problem?