Community Help

cpoole2256 · ‎05-31-2018

Hello Canvas Developers!

My team is producing an offline education game using the Unity game engine and we want to include Canvas functionality. Unity allows us to export a WebGL version of the game as an HTML page which we plan on having schools download and place in the course folders. Once there, the HTML page will automatically open and allow playing of the game in the browser without any server on our part. One problem: I noticed when researching the OAuth dance, you need a redirect URL which is where the user is send after they authenticate but its also where Canvas sends a code needed to finish the authentication. Because we're storing our game inside Canvas itself and we want to do this without any servers on my team's side, we were wondering how we should go about completing this part of the dance. Does that first GET command simply retrieve the code for our app anyway?

(We can't test it right this moment because our Canvas instance isn't set up but I'm just conducting research to make sure what we want to do can be done)

Thanks for the help!

-Christopher Poole###

pklove · ‎05-31-2018

For applications without a web sever ("native apps" in the Canvas doc), you can use urn:ietf:wg:oauth:2.0:oob as the redirect_url.. The redirect then goes to a page on the Canvas server with a URL like:

.../login/oauth2/auth?code=047f524c6b1d8bd6522670....

The user can then copy the code and insert it into your non-server application. The application can then get the token.

The main issue is having clear instructions to the end user about getting the code from the URL and putting it into your application. It would be nice if Canvas would put the code on the actual web page with some sort of instructions.

BTW, for testing its easy to fire up a slightly old, but adequate, AWS AMI, or more recent versions at Bitnami.

View solution in original post

pklove · ‎05-31-2018

For applications without a web sever ("native apps" in the Canvas doc), you can use urn:ietf:wg:oauth:2.0:oob as the redirect_url.. The redirect then goes to a page on the Canvas server with a URL like:

.../login/oauth2/auth?code=047f524c6b1d8bd6522670....

The user can then copy the code and insert it into your non-server application. The application can then get the token.

The main issue is having clear instructions to the end user about getting the code from the URL and putting it into your application. It would be nice if Canvas would put the code on the actual web page with some sort of instructions.

BTW, for testing its easy to fire up a slightly old, but adequate, AWS AMI, or more recent versions at Bitnami.

cpoole2256 · ‎06-04-2018

Thanks for the reply! That really sucks that they've got to pull the code out of the URL... I can pretty easily provide instructions on how to get that code but can't they just provide a default redirect that displays the code on the page itself? You'd think that would be a pretty basic function...

pklove · ‎06-06-2018

It would be nice if it was built-in and if you could have instructions for both Authorise and Cancel. These could be in the Key Settings.

Given we don't have this, its easy enough to put something on some server yourself (e.g., redirect_uri=https://canexa.netkno.nz/show_code), you just need to add the URL to the key's Redirect URIs.

JonathanDyason1 · ‎02-16-2022

Thank you. The Canvas API docs dont make life easy for developers. Very short on details.

pklove · ‎05-31-2018

BTW, how will you application make the OAuth/API calls? Files are served off a different server (e.g., https://cluster41-files.instructure.com/...), so if its via the browser with JavaScript XMLHttpRequest then you will probably run into CORS issues.

cpoole2256 · ‎06-04-2018

We'll be using Unity so the programming itself is done in C# and the HTTP calls are done using a library function provided by Unity itself. Unity can then export to WebGL. I would assume that the library function Unity provides would work with one of its standard export methods but I should definitely test that just to make sure. If it doesn't we can always export to a .exe and do it that way (I just wanted to do the WebGL export so it will play in the browser and not force students to download anything). Within the test environment Unity provides we've already successfully sent API GETs for manually generated access tokens.

OAuth Dance for Offline Game without Redirect URL

If I have a Course ID, Quiz ID and a Question ID c...

Item limit on "Add to Module" dialog box and solut...

Using API to get Gradebook CSV export

How to enable Upload/Recording Media option to tak...

outh2 flow token generation

If I have a Course ID, Quiz ID and a Question ID c...

How can I access previous year data using canvas L...

For new LTI tool - XML or JSON? Which is preferred...

Item limit on "Add to Module" dialog box and solut...

LTI not storing custom values in session data

You're signed out

OAuth Dance for Offline Game without Redirect URL

Community Help

View our top guides and resources: