WordPress LTI Consumer Plugin: 'Invalid Signature' error

James asked 2 years ago


We have recently installed your WordPress LTI Consumer Plugin on our site to enable us to provide our site users with single sign on access to e-learning modules we have developed through EasyGenerator.

The installation appears to have worked fine, and we’ve entered the Consumer Key and Shared Secret provided to us by EasyGenerator. However, we’re encountering an error: ‘Invalid Signature’ when we attempt to embed the e-learning on our WordPress site.

We’ve followed this issue up with EasyGenerator, and they have suggested we enquire about the signature encryption method. They have asked if it’s possible to add/change the encryption to ‘HMAC-SHA1’ to launch an LTI integration?

Please let me know if this is something you can assist with, or if you have any suggestions for resolving the ‘invalid signature’ issue.

(As a bit of background, on our first attempt at embedding the e-learning, we received the error message “The requested resource does not support http method ‘POST’.” EasyGenerator gave us a different base URL to use and that has produced the invalid signature message).

Thanks for your assistance.


2 Answers

Ryan Staff answered 2 years ago

Pretty sure it’s already using HMAC. That seems to be the standard for OAuth.

James answered 2 years ago

Thanks, Ryan. I’ll go back to EasyGenerator and let them know.

Have you encountered the ‘invalid signature’ message before, and do you have any ideas what might be causing it?

Your Answer