Sharebar?

Different OAuth Signature Algorithms for v1 and v2

Different OAuth Signature Algorithms for v1 and v2

There appears to be a difference between how a signature is generated for LTI v1.x and LTI v2.x. While performing the tests for v2, I noticed that I had to first decode and then encode parameters when creating the normalized parameters string. Without decoding first, the tests would fail. If, however, I did decode the parameters first, all tests would pass successfully.

While performing the tests for v1, I noticed that I could not decode the parameters then re-encode them. Decoding first resulted in the tests failing. I confirmed this by comparing the base string expected by the test suite with the one I generated. However, reverting back to not decoding the parameters first resulted in LTI v2 tests failing again.

I'm not quite sure how to resolve this problem. I do not want to have my OAuth algorithm dependent on the LTI version, but it appears this may be the only solution. Suggestions?