Invalid LTI Signature

PhamLenny

Got Invalid LTI Signature when delivering test in LTI application (Moodle 3.7 - TAO 3.3-rc01).
I have followed this guide (https://userguide.taotesting.com/3.1/advanced-features/lti-applications.html).
Please see if anything else needed to be done.

Stack trace as followed:
{code}Invalid signature {"exception":"[object] (IMSGlobal\LTI\OAuth\OAuthException(code: 0): Invalid signature at /var/www/html/vendor/imsglobal/lti/src/OAuth/OAuthServer.php:198)
[stacktrace]
/var/www/html/vendor/imsglobal/lti/src/OAuth/OAuthServer.php(84): IMSGlobal\LTI\OAuth\OAuthServer->check_signature(Object(IMSGlobal\LTI\OAuth\OAuthRequest), Object(IMSGlobal\LTI\OAuth\OAuthConsumer), Object(IMSGlobal\LTI\OAuth\OAuthToken))
/var/www/html/tao/models/classes/oauth/OauthService.php(123): IMSGlobal\LTI\OAuth\OAuthServer->verify_request(Object(IMSGlobal\LTI\OAuth\OAuthRequest))
/var/www/html/taoLti/models/classes/LtiAuthAdapter.php(76): oat\tao\model\oauth\OauthService->validate(Object(common_http_Request))
/var/www/html/taoLti/models/classes/LtiService.php(56): oat\taoLti\models\classes\LtiAuthAdapter->authenticate()
/var/www/html/taoLti/controller/ToolModule.php(66): oat\taoLti\models\classes\LtiService->startLtiSession(Object(common_http_Request))
/var/www/html/tao/models/classes/routing/ActionEnforcer.php(154): call_user_func_array(Array, Array)
/var/www/html/tao/models/classes/routing/TaoFrontController.php(86): oat\tao\model\
outing\ActionEnforcer->execute()
/var/www/html/tao/models/classes/mvc/Bootstrap.php(332): oat\tao\model\
outing\TaoFrontController->legacy(Object(common_http_Request))
/var/www/html/tao/models/classes/mvc/Bootstrap.php(172): oat\tao\model\mvc\Bootstrap->mvc()
/var/www/html/tao/models/classes/mvc/Bootstrap.php(234): oat\tao\model\mvc\Bootstrap->dispatchHttp()
/var/www/html/index.php(31): oat\tao\model\mvc\Bootstrap->dispatch()
{main}{code}

amy

Looks like an authorization error - Invalid signature at /var/www/html/vendor/imsglobal/lti/src/OAuth/OAuthServer.php

Double check you have the correct information.

TMcLardy

Hi all,

I have a similar problem. Intention is to integrate with Moodle but also getting same result using the IMS LTI Tool Consumer emulator.

I too have followed the guide..

Any thoughts welcome!

Thanks,
Tim

Invoking oat\ltiDeliveryProvider\controller\DeliveryTool::launch by https://assess.withtheprogram.net/elt-ta.rdf#superUser
OAuth Request created:http://127.0.0.1:82/ltiDeliveryProvider/DeliveryTool/launch/eyJkZWxpdmVyeSI6Imh0dHBzOlwvXC9hc3Nlc3Mud2l0aHRoZXByb2dyYW0ubmV0XC9lbHQtdGEucmRmI2kxNTc4Nzc3MTI3MTY5MzY1In0= using POST
init dbal connection to get SchemaMangager
oat\tao\model\oauth\DataStore::lookup_token called for token  of type access
Validation failed: Invalid signature
Invalid LTI signature
Invalid LTI signature
[key 5f2a6e15668ab] taoLti_models_classes_LtiException 'Invalid LTI signature' in /var/www/tao/taoLti/models/classes/class.LtiAuthAdapter.php(67)

                                    #0 /var/www/tao/taoLti/models/classes/class.LtiService.php(48): taoLti_models_classes_LtiAuthAdapter->authenticate()
#1 /var/www/tao/taoLti/actions/class.ToolModule.php(38): taoLti_models_classes_LtiService->startLtiSession(Object(common_http_Request))
#2 [internal function]: taoLti_actions_ToolModule->launch()
#3 /var/www/tao/tao/models/classes/routing/ActionEnforcer.php(151): call_user_func_array(Array, Array)
#4 /var/www/tao/tao/models/classes/routing/TaoFrontController.php(92): oat\tao\model\routing\ActionEnforcer->execute()
#5 /var/www/tao/tao/models/classes/mvc/Bootstrap.php(332): oat\tao\model\routing\TaoFrontController->legacy(Object(common_http_Request))
#6 /var/www/tao/tao/models/classes/mvc/Bootstrap.php(172): oat\tao\model\mvc\Bootstrap->mvc()
#7 /var/www/tao/tao/models/classes/mvc/Bootstrap.php(234): oat\tao\model\mvc\Bootstrap->dispatchHttp()
#8 /var/www/tao/index.php(31): oat\tao\model\mvc\Bootstrap->dispatch()
#9 {main}

TMcLardy

Just in case it's useful to anybody else, I found the issue I was having.

I'm using NGINX as a a reverse proxy and the host/port forms part of the oauth request, which is then different by the time it's validated.

Had to set the following in NGINX config:
proxy_set_header Host $host:$server_port;