Forum

Invalid LTI Signature

edited June 2019 in Peer Support

Got Invalid LTI Signature when delivering test in LTI application (Moodle 3.7 - TAO 3.3-rc01).
I have followed this guide (https://userguide.taotesting.com/3.1/advanced-features/lti-applications.html).
Please see if anything else needed to be done.

Stack trace as followed:
{code}Invalid signature {"exception":"[object] (IMSGlobal\LTI\OAuth\OAuthException(code: 0): Invalid signature at /var/www/html/vendor/imsglobal/lti/src/OAuth/OAuthServer.php:198)
[stacktrace]
/var/www/html/vendor/imsglobal/lti/src/OAuth/OAuthServer.php(84): IMSGlobal\LTI\OAuth\OAuthServer->check_signature(Object(IMSGlobal\LTI\OAuth\OAuthRequest), Object(IMSGlobal\LTI\OAuth\OAuthConsumer), Object(IMSGlobal\LTI\OAuth\OAuthToken))
/var/www/html/tao/models/classes/oauth/OauthService.php(123): IMSGlobal\LTI\OAuth\OAuthServer->verify_request(Object(IMSGlobal\LTI\OAuth\OAuthRequest))
/var/www/html/taoLti/models/classes/LtiAuthAdapter.php(76): oat\tao\model\oauth\OauthService->validate(Object(common_http_Request))
/var/www/html/taoLti/models/classes/LtiService.php(56): oat\taoLti\models\classes\LtiAuthAdapter->authenticate()
/var/www/html/taoLti/controller/ToolModule.php(66): oat\taoLti\models\classes\LtiService->startLtiSession(Object(common_http_Request))
/var/www/html/tao/models/classes/routing/ActionEnforcer.php(154): call_user_func_array(Array, Array)
/var/www/html/tao/models/classes/routing/TaoFrontController.php(86): oat\tao\model\
outing\ActionEnforcer->execute()
/var/www/html/tao/models/classes/mvc/Bootstrap.php(332): oat\tao\model\
outing\TaoFrontController->legacy(Object(common_http_Request))
/var/www/html/tao/models/classes/mvc/Bootstrap.php(172): oat\tao\model\mvc\Bootstrap->mvc()
/var/www/html/tao/models/classes/mvc/Bootstrap.php(234): oat\tao\model\mvc\Bootstrap->dispatchHttp()
/var/www/html/index.php(31): oat\tao\model\mvc\Bootstrap->dispatch()
{main}{code}

Comments

  • Looks like an authorization error - Invalid signature at /var/www/html/vendor/imsglobal/lti/src/OAuth/OAuthServer.php

    Double check you have the correct information.

  • Hi all,

    I have a similar problem. Intention is to integrate with Moodle but also getting same result using the IMS LTI Tool Consumer emulator.

    I too have followed the guide..

    Any thoughts welcome!

    Thanks,
    Tim

    Invoking oat\ltiDeliveryProvider\controller\DeliveryTool::launch by https://assess.withtheprogram.net/elt-ta.rdf#superUser
    OAuth Request created:http://127.0.0.1:82/ltiDeliveryProvider/DeliveryTool/launch/eyJkZWxpdmVyeSI6Imh0dHBzOlwvXC9hc3Nlc3Mud2l0aHRoZXByb2dyYW0ubmV0XC9lbHQtdGEucmRmI2kxNTc4Nzc3MTI3MTY5MzY1In0= using POST
    init dbal connection to get SchemaMangager
    oat\tao\model\oauth\DataStore::lookup_token called for token  of type access
    Validation failed: Invalid signature
    Invalid LTI signature
    Invalid LTI signature
    [key 5f2a6e15668ab] taoLti_models_classes_LtiException 'Invalid LTI signature' in /var/www/tao/taoLti/models/classes/class.LtiAuthAdapter.php(67)
    
                                        #0 /var/www/tao/taoLti/models/classes/class.LtiService.php(48): taoLti_models_classes_LtiAuthAdapter->authenticate()
    #1 /var/www/tao/taoLti/actions/class.ToolModule.php(38): taoLti_models_classes_LtiService->startLtiSession(Object(common_http_Request))
    #2 [internal function]: taoLti_actions_ToolModule->launch()
    #3 /var/www/tao/tao/models/classes/routing/ActionEnforcer.php(151): call_user_func_array(Array, Array)
    #4 /var/www/tao/tao/models/classes/routing/TaoFrontController.php(92): oat\tao\model\routing\ActionEnforcer->execute()
    #5 /var/www/tao/tao/models/classes/mvc/Bootstrap.php(332): oat\tao\model\routing\TaoFrontController->legacy(Object(common_http_Request))
    #6 /var/www/tao/tao/models/classes/mvc/Bootstrap.php(172): oat\tao\model\mvc\Bootstrap->mvc()
    #7 /var/www/tao/tao/models/classes/mvc/Bootstrap.php(234): oat\tao\model\mvc\Bootstrap->dispatchHttp()
    #8 /var/www/tao/index.php(31): oat\tao\model\mvc\Bootstrap->dispatch()
    #9 {main}
    
  • Just in case it's useful to anybody else, I found the issue I was having.

    I'm using NGINX as a a reverse proxy and the host/port forms part of the oauth request, which is then different by the time it's validated.

    Had to set the following in NGINX config:
    proxy_set_header Host $host:$server_port;

Sign In or Register to comment.

We use cookies on our website to support technical features that enhance your user experience. Cookie Policy Privacy Policy

×