Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-46536

Invalid OAuth Signature error when LTI activity intro contains inconsistent newline characters

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      In addition to running unit tests, please do the following:

      1. Go to Site administration / Plugins / Activity modules / LTI
      2. Click on "Add external tool configuration"
        1. Enter anything you want for Tool Name
        2. Enter the following for Tool Base URL: http://ltiapps.net/test/tp.php
        3. Enter the following for Consumer Key: consumerkey
        4. Enter the following for Shared Secret: secret
        5. Click Save changes
      3. Go to a course.
      4. Add a new General tool activity
        1. Enter whatever you like for Activity Name
        2. Enter the following for Launch URL: http://ltiapps.net/test/tp.php
        3. Click on Show more.
        4. Enter in a description that has multiple lines. Very important that there are multiple lines.
        5. Check "Display activity description when launched" setting.
        6. For Launch Container, select Embed without blocks.
        7. Click Save and display.
      5. Should be viewing the activity now, with a description and the LTI tool should have launched. The Request summary should read "basic-lti-launch-request message request is valid."
      6. Now go back to the course.
      7. Duplicate the General tool activity that was created earlier.
      8. View the activity.
      9. Should be viewing the activity now, with a description and the LTI tool should have launched. The Request summary should read "basic-lti-launch-request message request is valid." instead of the error "Could not validate request: OAuth signature check failed - perhaps an incorrect secret or timestamp."
      Show
      In addition to running unit tests, please do the following: Go to Site administration / Plugins / Activity modules / LTI Click on "Add external tool configuration" Enter anything you want for Tool Name Enter the following for Tool Base URL: http://ltiapps.net/test/tp.php Enter the following for Consumer Key: consumerkey Enter the following for Shared Secret: secret Click Save changes Go to a course. Add a new General tool activity Enter whatever you like for Activity Name Enter the following for Launch URL: http://ltiapps.net/test/tp.php Click on Show more. Enter in a description that has multiple lines. Very important that there are multiple lines. Check "Display activity description when launched" setting. For Launch Container, select Embed without blocks. Click Save and display. Should be viewing the activity now, with a description and the LTI tool should have launched. The Request summary should read "basic-lti-launch-request message request is valid." Now go back to the course. Duplicate the General tool activity that was created earlier. View the activity. Should be viewing the activity now, with a description and the LTI tool should have launched. The Request summary should read "basic-lti-launch-request message request is valid." instead of the error "Could not validate request: OAuth signature check failed - perhaps an incorrect secret or timestamp."
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE
    • Pull Master Branch:
      MDL-46536_oauthSig

      Description

      OAuth signature signing fails on the tool provider side when the LTI activity has inconsistent newline characters in the description. My theory on why the OAuth signature was breaking, is because the intro in the activity only had \n for new lines. So, the Moodle side would generate the signature with \n for new lines. Then, the tool provider would generate a signature with \r\n for new lines because HTTP sends newlines like that. Due to the content being different, the signatures do not match and it fails.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  8/Sep/14