Register for InstructureCon25 • Passes include access to all sessions, the expo hall, entertainment and networking events, meals, and extraterrestrial encounters.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Community
- Groups
- Canvas Developers Group
- Forum
- Server-to-Server OAuth2
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Found this content helpful? Log in or sign up to leave a like!
Server-to-Server OAuth2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2016
07:30 AM
In a previous post, I mentioned that I am attempting to build an external application that is capable of pushing grades from the application to the Canvas gradebook. I have successfully set up the grade push using the Canvas API, so grades for corresponding assignments are being added to the gradebook for a specified user.
However, from the start of development, I've been using a manually generated access token created within an Admin account in Canvas. Of course, hard-coding this access token into my code would not be acceptable, since this would result in a security risk. After going through the OAuth2 section of the API docs and attempting to implement, it seems that the OAuth2 API only supports user login through a redirect to the Canvas login page. Instead, I'm hoping to find some way to authenticate the server running the application that I am building, so that the server can request/use an access token and send API requests without having to redirect to the Canvas login page and provide a user login/password combination.
In other APIs, I've noticed mention of service accounts (e.g. Google) and resource owner password credentials. Does anyone know if this is possible with the Canvas implementation of OAuth2, and if so, how would I go about authenticating the application server directly?
Thanks!
8 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016
08:33 AM
I built an external testing engine that has common test/quizzes the deans want in courses. I used LTI connection that uses shared keys and secrets and generated OAUTH tokens in that manner. The grades on each quiz/test is pushed back to Canvas from my external app.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016
08:57 AM
When you say shared and secret keys, do you mean the developer keys that can be generated within an account in Canvas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016
09:12 AM
No, the consumer key and shared secret are generated outside of Canvas. When the app is added to Canvas, the Consumer Key and Shared Secret aradded
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016
09:28 AM
Thanks a lot for your responses, mcarruth
Ah, those keys. I have those set up and am receiving several OAuth parameters when transferring to my external tool via LTI. I'm just a bit confused about how you're generating OAuth tokens. From what I believed, I thought that access tokens could only be generated through the API.
How did you go about using these keys to create an access token that allowed you to make calls to the API as an admin?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016
09:39 AM
@dkerr ,
Please see Canvas cousre Course Modules: Canvas Dev and Friends
LTI Activity 2: talks about the signature verification
Good info for PHP and LTI tools.
OSCELOT Projects > Projects > Basic LTI Tool Provider class for PHP > Home
One of the files in this project is OAuth.php. It contains the classes needed for Oauth
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2016
09:49 AM
Thanks, Martin. I'll take a look at those links and try to work out a solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2016
02:15 PM
Martin,
After going through the lesson on Canvas Dev & Friends, I'm still a bit confused as to how to create an access token with the oauth data and using it with the API. I'm successfully receiving the oauth_consumer_key, oauth_signature_method, oauth_timestamp, oauth_nonce, oauth_version, and oauth_signature. Also, accessing the external tool through an LTI link from Canvas is working correctly.
How are you combining this oauth information that's provided over LTI to generate an access token that can be used to interact with the API? Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2016
02:35 PM
I am not using the token generated through the LTI to interact with the API. I am using the token to allow the LTI app to pass grades to the Canvas grade book. This is part of the LTI specifications, not the Canvas API specifications.
The tokens generated through LTI interaction do not give rights to Canvas API calls. If you want to make Canvas API calls, from within the LTI app you will need a developer key. Getting Started With The Api: Canvas Dev and Friends The developer key allows you to create tokens for users other than yourself so that the app can run in the context of the user accessing the LTI.
An example of access the Canvas API from within an LTI app is CanvaBadges GitHub - whitmer/canvabadges (This code is in Ruby).. The LTI key and secret are used to establish the secure connection to the server and access from the app. A developer key is needed for the application. The application uses the developer key to generate OAUTH tokens based on the user that is accessing the badge to verify badge prerequisite in Canvas.
Community Help
View our top guides and resources:
Find My Canvas URL Help Logging into Canvas Generate a Pairing Code Canvas Browser and Computer Requirements Change Canvas Notification Settings Submit a Peer Review AssignmentTo interact with Panda Bot in the Instructure Community, you need to sign up or log in:
Sign In