Community

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
HarryPhan
New Member

Scoped token does not work with GraphQL

Hello! 

I'm trying to use a scoped-token API key to query GraphQL but haven't got any luck yet. Our queries always received the error message of:

{'message': 'Insufficient scopes on access token.'}

 

The API key has full read-only permissions and has the option "Allow Include Parameters" enabled. The queries work if we disable scoping token. Do you have any idea what we could have missed?

Thanks!

0 Kudos
3 Replies
ColtonSwapp
Instructure
Instructure

Hello @HarryPhan 

I apologize that you are having trouble with your Scoped token with Graph QL. 

Can we have you submit a ticket directly to Canvas support on this issue, so that they can take a look into the error message you are receiving after using the scoped-token API key to query GraphQL? 

 

Thank you! 

HarryPhan
New Member

@ColtonSwapp thanks for the response.  I've submitted a ticket to Canvas support, the case number is 08440257. I no

I suspect that GraphQL requires the access token to have permissions on some certain scopes in order to serve my query. However I could not figure out which scopes that I'm missing. I notice there's another question about GraphQL and scoping in the forum: https://community.canvaslms.com/t5/Canvas-Developers-Group/How-does-GraphQL-and-Scoping-work/m-p/234...

 

FWIW, this is the GraphQL query that I'm sending:

query MyQuery {
  legacyNode(_id: "106", type: User) {
    ... on User {
      id
      email
      name
      avatarUrl
      sisId
    }
  }
}

 

And here's the list of scopes that we requested for our access token in OAuth2 flow:

 

scopes = [
        "url:POST|/api/v1/conversations",
        "url:GET|/api/v1/accounts",
        "url:GET|/api/v1/accounts/:id",
        "url:GET|/api/v1/accounts/:account_id/courses",
        "url:GET|/api/v1/accounts/:account_id/users",
        "url:GET|/api/v1/courses/:id",
        "url:GET|/api/v1/courses/:course_id/enrollments",
        "url:GET|/api/v1/courses/:course_id/analytics/student_summaries",
        "url:GET|/api/v1/courses/:course_id/analytics/users/:student_id/communication",
        "url:GET|/api/v1/courses/:course_id/assignments",
        "url:GET|/api/v1/courses/:course_id/assignments/:id",
        "url:GET|/api/v1/courses/:course_id/assignments/:assignment_id/submissions",
        "url:GET|/api/v1/courses/:course_id/gradebook_history/days",
        "url:GET|/api/v1/courses/:course_id/gradebook_history/:date",
        "url:GET|/api/v1/courses/:course_id/gradebook_history/:date/graders/:grader_id/assignments/:assignment_id/submissions",
        "url:GET|/api/v1/courses/:course_id/analytics/users/:student_id/assignments",
        "url:GET|/api/v1/courses/:course_id/students/submissions",
        "url:GET|/api/v1/courses/:course_id/sections",
        "url:GET|/api/v1/sections/:section_id/enrollments",
        "url:GET|/api/v1/users/:user_id/enrollments",
        "url:GET|/api/v1/users/:id",
        "url:GET|/api/v1/users/:user_id/profile"
    ]

 

My assumption is that the last 2 scopes should be enough for us to retrieve the data of the query.

 

Was this solved? I put a ticket in back in 2021 for the same thing but did not hear if it was solved.