Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-39090

LTI launches with query strings have wrong signature

    XMLWordPrintable

    Details

      Description

      • If a LTI launch URL has parameters on the query string, those get reproduced in the form post when launched
      • The oauth_signature is based on those parameters being represented once in the request
      • Because the parameters are both in the body and the query in the actual launch, the signature will be incorrect on the receiving end

      Here's why the parameters get duplicated:

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bushido Mark Nielsen
              Reporter:
              scriby Chris Scribner
              Peer reviewer:
              Jason Fowler
              Integrator:
              Sam Hemelryk
              Tester:
              David Monllaó
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Sep/13