How to go through grant_code oauth process without popping the authorization prompt?

Jump to solution
TinaWong
Community Explorer

Hi all,

I am now developing a LTI1.3 tool pretty much like Zoom LTI Pro1.3.

I want to sync calendar events in a canvas course after users use our LTI tool to create meetings.

According to the tutorial videos I watched on Youtube, it seems like Zoom LTI pro1.3 could sync calendar events without popping the canvas oauth authorization prompt.

I go to OAuth2 grant_code canvas document and OAuth provider.rb canvs source code ,figuring out that omitting authorization prompt is feasible as long as the developer key is trusted

However, I don't know how to make the developer key trusted.

Could someone please give me a guide to adding a trusted developer key?

 

Many thanks,

Tina

 

Labels (3)
0 Likes
1 Solution
matthew_buckett
Community Contributor

Last time I asked Instructure the answer was no on their hosted instances. I believe they use this flag internally so that their tools that use the API don't have to ask for authorization. If you can get them to enable it for your tool I'd be really interested.

It might be nice if they could have a compromise position where it can be enabled for external tools where only read access is needed through the API and anything that updates data in Canvas has to ask for permission.

View solution in original post