instructure / ims-lti

A Ruby library to help implement IMS LTI tool consumers and providers
MIT License

OAuth validation fails in v1 due to GET params in request? #142

Closed itsalljustaride closed 6 years ago

itsalljustaride commented 6 years ago

Hi,

I appear to have an issue whereby the request object passed to the "valid_request?" check is failing for the first attempt due to params on the end of the URL? If I reload, the request params are reset and the check passes. This thread seems to indicate this is a known issue:

https://github.com/andyfmiller/LtiLibrary/issues/14

What is the best way around this? Thanks.

itsalljustaride commented 6 years ago

Looks like there could be more clues as to the root of this issue here?

https://github.com/instructure/canvas-lms/issues/600

rivernate commented 6 years ago

Version 1.x of the gem has been deprecated, and instead the 2.x version is the active version. Can you try again with the newer version of the gem?

itsalljustaride commented 6 years ago

Unfortunately the 2.X version of the gem excludes the IMS::LTI::ToolProvider class, and I could not really see if there was a way to recreate that functionality.

rivernate commented 6 years ago

The 2.x gem is a breaking change from the way that the LTI 1.x gem did things. The documentation for validating launches with the LTI 2.x gem is here: https://github.com/instructure/ims-lti#usage

rivernate commented 6 years ago

I'm going to close this issue since it's with the 1.x version of the gem

mcfilib commented 5 years ago

@rivernate I found this issue via Google and was wondering what class people should be using to post data back to Canvas now that IMS::LTI::ToolProvider is gone?

ziaulrehman40 commented 4 years ago

Hi @rivernate, I just tried using v2 and got the same error. Here is my code: https://github.com/ziaulrehman40/lti-template-rails/blob/master/template/app/controllers/application_controller.rb#L23

Also, some explanation on how to verify the signature if, let's say, we are building without this gem or for another language/framework would be great. For reference, we will most probably be doing all this in PHP. And it seems that these custom GET params are not something standard, that's why it breaks signatures.

ziaulrehman40 commented 4 years ago

Made it work by removing GET params from URL before sending for signature check:

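    # Drop the query string and fragment so the URL handed to the
    # authenticator carries no GET params.
    parsed = URI.parse(request.url)
    parsed.fragment = parsed.query = nil

    # Verify the launch against the stripped URL and the POSTed parameters.
    authenticator = IMS::LTI::Services::MessageAuthenticator.new(
      parsed.to_s,
      request.request_parameters,
      Rails.application.config.lti_settings['consumer_secret']
    )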

But it still needs to be checked how this will impact other LTI tool providers like Tsugi or the php-lti library.
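
The signature check asked about in this thread, done without the gem, as an added example that is not part of the thread or of the ims-lti code base: it builds the OAuth 1.0a HMAC-SHA1 signature base string per RFC 5849, where the launch URL's query parameters are left out of the base string URI but included in the normalized parameter set, so both sides only agree when they treat GET params the same way. The URL, key, secret and parameter values are constructed samples, and the helper names are hypothetical.

```ruby
require 'openssl'
require 'uri'

# Percent-encode everything except RFC 3986 unreserved characters (RFC 5849 3.6).
def pct(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |c| format('%%%02X', c.ord) }
end

# Base string URI: lowercase scheme and host, default port dropped,
# query and fragment excluded (RFC 5849 3.4.1.2).
def base_uri(url)
  u = URI.parse(url)
  port = u.port == u.default_port ? '' : ":#{u.port}"
  "#{u.scheme.downcase}://#{u.host.downcase}#{port}#{u.path.empty? ? '/' : u.path}"
end

# Normalized parameters: URL query pairs AND body pairs, minus
# oauth_signature, encoded and then sorted bytewise (RFC 5849 3.4.1.3).
def normalized_params(url, body)
  query = URI.decode_www_form(URI.parse(url).query.to_s)
  pairs = (query + body.to_a).reject { |k, _| k.to_s == 'oauth_signature' }
  pairs.map { |k, v| [pct(k), pct(v)] }.sort.map { |kv| kv.join('=') }.join('&')
end

def sign(method, url, body, consumer_secret, token_secret = '')
  base = [method.upcase, base_uri(url), normalized_params(url, body)].map { |p| pct(p) }.join('&')
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}" # LTI launches carry no token secret
  [OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)].pack('m0')
end

# Recompute the signature and compare without an early exit on mismatch.
# A full verifier also rejects stale oauth_timestamp and reused oauth_nonce values.
def valid_launch?(method, url, body, consumer_secret)
  expected = sign(method, url, body, consumer_secret)
  given = body['oauth_signature'].to_s
  return false unless expected.bytesize == given.bytesize
  expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Constructed sample launch whose URL carries a custom GET parameter.
SECRET = 'constructed-secret'
URL = 'https://tool.example/lti/launch?course=42'
BODY = {
  'lti_message_type' => 'basic-lti-launch-request',
  'oauth_consumer_key' => 'constructed-key',
  'oauth_nonce' => 'n0nce', 'oauth_timestamp' => '1500000000',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_version' => '1.0'
}.freeze
SIGNED = BODY.merge('oauth_signature' => sign('POST', URL, BODY, SECRET))
STRIPPED_URL = URL.sub(/\?.*/, '')
```

Here `valid_launch?('POST', URL, SIGNED, SECRET)` passes, while the same call with `STRIPPED_URL` fails because `course=42` is no longer part of the signed parameter set.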