Canvas OAuth clarification
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have a canvas integration where we obtain access tokens using the refresh_token flow. Per Canvas REST API docs we have to have Canvas admin generate a dev key and then on our side (as integration providers), hold on to client_id and client_secret. We therefore have to do this with each Canvas instance customer we work with.
This also means we have to first obtain the client_secret from the canvas admin and use it in the 'refresh_token' flow for oauth.
Is there an alternative model supported where Canvas instances will instead be able to use client_id and client_secret that we own on a steady basis (just one pair of info), and have a step to register us as an app, so that we don't have to ask each customer or our integration to generate a dev key and share the secret and client_id with us? Is such a model supported with OAuth Canvas implementation?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @BinodPant,
I will be happy to help you here. As far as what is available is whatever is listed here in the case of canvas auth https://canvas.instructure.com/doc/api/file.oauth.html You would want to follow the steps you have been. You might suggest an idea here however https://community.canvaslms.com/t5/Idea-Conversations/idb-p/ideas
