LTI advantage - Access token usage fails with status code 401

LTI advantage - Access token usage fails with status code 401

by Srinivas Jonnala -
Number of replies: 1

Hello,

I configured an external tool in moodle to use LTI 1.3 and was able to generate an access token by sending a POST request to OAuth2 url "..../moodle/mod/lti/token.php". As per the LTI advantage security model spec, i used the grant type "Client_Credentials". I also provided the necessary scopes as mentioned in the spec.

../lti-ags/scope/lineitem ../spec/lti-ags/scope/result.readonly ../spec/lti-ags/scope/score ../spec/lti-nrps/scope/contextmembership.readonly.

 

I am using the token as a Bearer token to fetch lineitems. In this case, i am receiving a 401 "Unauthorized" error. 

The lineitems url is ".../moodle/mod/lti/services.php/3/lineitems?type_id=3" and this url is part of the LtiResourceLinkRequest message. 

Can you please point to what's causing the 401 unauthorized error.

Average of ratings: -
In reply to Srinivas Jonnala

Re: LTI advantage - Access token usage fails with status code 401

by Stephen O'Leary -

I also encountered this problem with a Moodle instance in Microsoft Azure using Bitnami - the problem was that apache was stripping out the Authentication headers.  

The fix for me was to set this in the httpd.conf file or alternatively in the vhosts file :

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
SetEnvIf Content-Type "(.*)" HTTP_CONTENT_TYPE=$1
SetEnvIf Accept "(.*)" HTTP_ACCEPT=$1
see: https://stackoverflow.com/a/47031629

Average of ratings: Useful (1)