akshya
Community Participant

Incorrect Oauth2 Workflow after setting scope='/auth/userinfo' initially?


I am developing an LTI application that makes use of the Canvas REST API to extract information about the current user, the course and the other users in the course.

I noticed that without any scope parameter in the first step, users were being asked to authorize the app to make calls on their behalf every time they launched the app. As this isn't the most user-friendly experience, I added the parameter scope='/auth/userinfo' to the initial redirect for Canvas Authorization. While that solved the issue of multiple authorization confirmation prompts, no access tokens are given. To my understanding, I should have been able to generate access tokens with the code I received from Canvas after the authentication redirect. However, I am getting the following error as I try to get the access token:

{"error":"invalid_grant","error_description":"authorization_code not found"}

The call I'm making to receive an access token has the following parameters:

"grant_type": "authorization_code"

"code": <code received from canvas>

"client_id": <developer id>

"client_secret": <developer secret>

"redirect_uri": <initial redirect_uri>

Am I misunderstanding the workflow? Any help is appreciated, thanks!

1 Solution

Accepted Solutions
Stef_retired
Community Team

@akshya, it appears that this discussion is already well underway at Incorrect Oauth2 Workflow after setting scope='/auth/userinfo' initially? —and since the discussion has already been shared to the Canvas Developers group, it's not necessary to repost it. So that we can keep the entire discussion thread unified, we've locked this new post for additional participation. Please add replies to the ongoing thread at Incorrect Oauth2 Workflow after setting scope='/auth/userinfo' initially?. Thanks!
