xmllti

How do I sign an XML POST request with oauth?


I'm in the middle of creating an LTI tool and the spec docs for LTI Gradebooks say that the requests must be "Plain Old XML" (POX) messages signed using OAuth body signing [OAuth, 10]. LTI Gradebook docs found here

When using application/x-www-form-urlencoded, its easy, you include oauth_signature as apart of the POST request data, but when its XML, I don't understand where to put the oauth_signature data. Am I missing something?


Solution

  • To anyone running into the same problem, you have to put the OAuth into the header of the request using the Authorization header field.

    For more details, check out http://docs.akana.com/cm/api_oauth/aaref/Ref_OAuth_AuthorizationHeader_10a.htm