Verifying OAuth Signature
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am working to verify OAuth Signatures coming from our LTI posts.
I am looking for descriptive and detailed documentation on how I should be creating the OAuth Signature on my end. I got the basics of using HMAC_sha1. I am trying to find the doc’s describing what should EXACTLY should be hashed.
I have poked through your source code and it appears you are using a canvas specific ruby gem for creating this signature. Without me dissecting what you are doing, are there any docs out there?
In searching around I came across this resource. In a google discussion (https://groups.google.com/forum/#!topic/canvas-lms-users/JfoNmPECpqE), Deactivated user says, I can use this to "display the oauth base string before it is hashed.” Is this still accurate?
https://lti-tool-provider.herokuapp.com/
This issue refers to some spec docs, but I have not been able to locate those.
https://github.com/instructure/canvas-lms/issues/600
Any help and direction would be much appreciated.