我为提出这么多问题而道歉,但似乎没有人得到答案,我真的需要帮助。我正在使用LTI将我的程序集成到学习管理系统中,我需要使用OAuth进行身份验证。我按照指南here生成签名没有任何问题,但我生成的签名永远不会与LMS传递给我的签名相符,我无法弄清楚为什么他们永远不会匹配我的生活。我希望这是我不知道的事情,但我真的需要一些帮助。
当我从LMS启动我的程序时,我通过POST在所谓的LTI启动中发送了这个数组:
array(
'launch_presentation_locale' => 'EN-US__',
'tool_consumer_instance_guid' => 'key',
'tool_consumer_instance_name' => 'MyProgram',
'tool_consumer_instance_description' => 'MyProgram',
'tool_consumer_instance_contact_email' => 'johndoe@email.com',
'tool_consumer_info_version' => '10.3.0 SP5',
'tool_consumer_info_product_family_code' => 'desire2learn',
'context_id' => '2440554',
'context_title' => 'ContextTitle',
'context_label' => 'ContextTitle',
'context_type' => '',
'user_id' => 'USER_ID',
'roles' => 'None',
'lis_person_name_given' => 'John',
'lis_person_name_family' => 'Doe',
'lis_person_name_full' => 'John Doe',
'lis_person_contact_email_primary' => 'johndoe@email.com',
'ext_tc_profile_url' => 'https://profileurl.com',
'ext_d2l_token_id' => '123456789',
'ext_d2l_link_id' => '1234',
'ext_d2l_token_digest' => 'AbCdEfGhIjKlMnOpQrStUvWxYzi=',
'resource_link_id' => '',
'resource_link_title' => 'MyProgram',
'resource_link_description' => 'MyProgram',
'lis_result_sourcedid' => 'abcdefgh-ijkl-mnop-qrst-uvwxyz012345',
'lis_outcome_service_url' => 'https://outcomeserviceurl.com',
'lti_version' => 'LTI-1p0',
'lti_message_type' => 'basic-lti-launch-request',
'oauth_version' => '1.0',
'oauth_nonce' => '123456789',
'oauth_timestamp' => '1234567890',
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_consumer_key' => 'key',
'oauth_callback' => 'about:blank',
'oauth_signature' => 'eFUR8O5xVydLrj4PDj37nF4cq6A=',
'basiclti_submit' => 'Launch Endpoint with BasicLTI Data'
);
这是我正在尝试的。我已添加评论以澄清步骤:
// Set variables that are required for the signature to be generated.
$OAUTH_KEY = 'key';
$OAUTH_SECRET = 'secret';
$httpMethod = 'POST';
$SITE_URL = 'https://localhost/test.php';
// make array copy of entire POST data, remove the 'oauth_signature' field as specified in the oauth spec from the copy array, then sort alphabetically. After that, url encode the key/value of each item in the copy array and store into a string for later use.
$request_parameter_array = $_POST;
unset($request_parameter_array['oauth_signature']);
ksort($request_parameter_array);
$request_parameter_str = '';
foreach($request_parameter_array as $key => $value) {
$request_parameter_str .= rawurlencode($key) . '=' . rawurlencode($value) . '&';
}
// create the signature base string (string variable that the actual signature is created from) by following these steps from the OAuth documentation:
// 1. The HTTP request method in uppercase. For example: "HEAD",
// "GET", "POST", etc. If the request uses a custom HTTP method, it
// MUST be encoded (Section 3.6).
// 2. An "&" character (ASCII code 38).
// 3. The base string URI from Section 3.4.1.2, after being encoded
// (Section 3.6).
// 4. An "&" character (ASCII code 38).
// 5. The request parameters as normalized in Section 3.4.1.3.2, after
// being encoded (Section 3.6).
$key = rawurlencode($OAUTH_SECRET) . '&';
$signature_base = strtoupper($httpMethod) . '&' . rawurlencode($SITE_URL) . '&';
$signature_base .= rawurlencode($request_parameter_str);
$signature = base64_encode(hash_hmac("sha1", $signature_base, $key, true));
echo $signature;
答案 0 :(得分:0)
我想这是我自己的愚蠢问题。这个问题来自D2L本身,因为我误解了使用工具链接与工具提供程序进行集成之间的区别。我确实删除了我的工具提供程序,并使用工具链接,现在我可以每次都进行身份验证。
事实证明,这里的代码根本没有问题。