LTI basic launch OAuth signature mismatch in some courses

Jump to solution
bayan-abuawad
Community Member

Hey everyone,

we have this weird issue with a client that and for some reason, the Tool is working perfectly for him in some courses, and in other courses, we get a signature mismatch on our side, even though both courses use the same secret and they use the same LTI Tool configuration.

we are generating the signature on our side using GenerateSignature function from this library:
https://github.com/LtiLibrary/LtiLibrary/blob/master/src/LtiLibrary.NetCore/OAuth/OAuthRequest.cs

which has been working perfectly with all the LMS platforms including Canvas up to this point.

any idea what might be causing to this?

Thanks in advance.

 

Labels (1)
0 Likes
1 Solution
svickers2
Community Contributor

Have you been able to work out which end is generating the invalid signature?  You could try using another service like the one at https://lti.tools/oauth to check the signature.  Is there anything about the URL to which the message is being sent?  Note that Canvas does not generate a valid signature when the URL contains a query parameter with no value (or equals sign); such as https://example.com/launch?param.  To workaround this bug always include an equals sign (i.e. use https://example.com/launch?param= in the previous example).  (Note: this bug is present even when the oauth_compliant property has been set to true.)

View solution in original post

0 Likes