 |
IMS GLC Public Forums and Resources |
 |
 |  |
| "Where the World's Leaders in Learning Converge"
join :
help :
calendar :
home
|
||
|
Latest News:
|
latest topics : statistics | |
|
Hide | |
Other Forums
Get Notified
Want to be notified when a new post is available?
There are two ways:
1) Digest Email: To sign up for a digest email, login in to your IMS community account and enter the forum. Click profile on the right hand side of the screen near the top, choose personal options, scroll down to category digest and highlight all the categories you wish to receive email notification from, then the click update profile button at the bottom.
2) You can bookmark and check the rss feed for the categories you are interested in. A link to the rss feed is on the right hand side (in orange) in each category. The IMS news Rss feed is: http://www.imsglobal.org/community/forum/rss.cfm?forumid=11&catid=46
|
Topic Title: Simple test harness broken? Topic Summary: Created On: 02/28/2012 04:51 PM Status: Post and Reply |
Linear : Threading : Single : Branch |
 Topic Tools
|
 02/28/2012 04:51 PM
|
|
|
The simple LMS test application at http://www.imsglobal.org/devel.../LTI/test/v1p1/lms.php appears to not handle spaces in the oauth signature properly: It appears to turn the offered key's plus signs ('+') into spaces.
I have a tool that I'm testing with the above and stumbled upon this problem. Digging through what I can see on my side, it's reliably reproducible. V1.0 4f4d48d941c9c failure status OAuth signature failed: Invalid signature ours= K0y6d7q8h3tbm4+hWRNq2WbLrPA= yours=K0y6d7q8h3tbm4 hWRNq2WbLrPA= B64key=123451 HDRkey=123451 secret=secret zzz LIS response ends header was POST /developers/LTI/test/v1p1/common/tool_consumer_outcome.php?b64=MTIzNDUxOjo6c2VjcmV0 HTTP/1.1 Host: www.imsglobal.org Accept: */* Authorization: OAuth oauth_body_hash="dEiFhO4qVoJRsw9ddKUmnMQJ6Ic=",oauth_consumer_key="123451",oauth_nonce="1874069178",oauth_signature="K0y6d7q8h3tbm4+hWRNq2WbLrPA=",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1330464984",oauth_version="1.0" Content-Type: application/xml Content-Length: 798 I'm using PHP's CURL to manage the request. Setting the option for CURLINFO_HEADER_OUT dumps what is being posted. I'm trying to determine if my code needs more work or not: I'm not too proud to say 'the problem could be on my end.' The tool being tested is at http://www.classroom24-7.com/player/index2.php Thanks in advance. ------------------------- -- |
|
|
|
|
|
03/02/2012 07:55 PM
|
|
|
Does everything work when there is no space in the secret?
/Chuck |
|
|
|
|
|
03/03/2012 09:09 AM
|
|
|
I just did a quick test where I switched the secret in my local copy of lms.php and
tool.php to "secret zzz" and it worked fine - both the launch and the callback for grade setting. If I look in your output: V1.0 4f4d48d941c9c failure status OAuth signature failed: Invalid signature ours= K0y6d7q8h3tbm4+hWRNq2WbLrPA= yours=K0y6d7q8h3tbm4 hWRNq2WbLrPA= B64key=123451 HDRkey=123451 secret=secret zzz This comes from the tool_consumer_outcome.php and is showing what it is using as a secret and correctly seems to be using "secret zzz" I ran through the code, perhaps suspecting something wrong with the body hash - but the signature check is done before the hash check and if the signature fail the hash is not even computed so it is not the hash. So that narrows this down to a base string check with the only real data in the base string is the url parameters and the header values. If you dump out the entire response, you will see in an HTML comment the base string that the tool_consumer_outcome.php computed. Then print out your base string that was used in your calling code to compute your signature and then compare them character by character. Usually when we line up the two base strings - whatever is wrong jumps out. |
|
|
|
|
|
03/13/2012 09:56 AM
|
|
|
Thank you very much for this Dr Chuck.
------------------------- -- |
|
|
|
|
FuseTalk Standard Edition v3.2 - © 1999-2013 FuseTalk Inc. All rights reserved.
