Step 2 of oauth2 flow (Authenticating & Authorizing)

Jump to solution
haynes_chewning
Community Novice

I’m working with a developer at my institution to create a tool to automatically create new users in Canvas as they’re pushed to an internal system. We’re going to be using API calls & a developer key authorized by a special account to create the users.


 

We’re currently working on the Oauth2 flow and have a question. We want the process to be fully automated, but it looks like step 2 requires manual intervention to login and authorize the app. Is there some way to automatically authorize an app to negate the need to login? If not, is there some way to login and authorize the app through commands and bypass the need for manually doing it in a browser?

1 Solution
themidiman
Community Champion

I'm not sure if you're trying to develop an application that is run as a side-car to Canvas to create users on behalf of an admin user, but you can certainly simulate the API calls using cURL and side-step the Oauth2 process altogether. I'm assuming you've already considered that and are asking how to get to step 2 of being an authenticated user using Oauth2 in an automated fashion. To my knowledge this is contrary to the nature of Oauth2's design...that is to use the credentials of a user in application A and supply the appropriate information and access to application B. This necessitates user interaction because in the end the user is the deciding entity to authorize application B to utilize their account information and role from application A. If applications did this without the user's knowledge that would be a large security concern abroad the Internet.

Secondly, Instructure's terms of service dictate that applications do not store or ask users to enter their token into an application, so I think you're out of luck. Source: OAuth2 - Canvas LMS REST API Documentation

Lastly, if you're just trying to automate user creation, you can do so by using the SIS Import API endpoint: SIS Imports - Canvas LMS REST API Documentation

Your application could allow for users to request an account, and then batch process them in the same way SIS workflow is set up. The frequency of the batch process would be dependent on your needs, but it wouldn't be in real-time.

View solution in original post