ramesh
Community Member

Canvas LMS API issue

I am currently doing some work with the Canvas LMS REST API and facing an issue when trying to log in with a partner admin account.

GET https://<canvas-install-url>/login/oauth2/auth?client_id=XXX&response_type=code&redirect_uri=https://example.com/oauth_complete&state=YYY

I have used the above API for login, but I am failing for the admin account. Because

POST /login/oauth2/token

While calling the above API, it is giving a 400 issue.

As per my application logs --

It is working fine for teacher and student accounts.

But if I try to log in with the admin account, it is calling the redirect URL twice (https://example.com/oauth_complete&state=YYY). So the same authentication code is coming for two calls. So the second time it fails.

Let me know if there is anything I can do to help clarify things. Thanks for your help!!

6 Replies
garth
Community Champion

I was recently working with OAuth2, and did not have any issue.

Honestly, I'm not sure I understand what you are describing; I did not experience the behavior you are describing when using my admin account. Can you try to clarify?

ramesh
Community Member

Hi Garth Egbert,

Thanks for your reply.

We are working on integrating Canvas classes into my application. We implemented Canvas OAuth2 for login.

It is working fine with normal users (like a role assigned as teacher or student), but it is not working for the root partner admin account.

If you try the following steps, the issue may be reproduced.

1. The user will click on the sign-in button (which is in my application) (link: https://<canvas-install-url>/login/oauth2/auth?client_id=XXX&response_type=code&redirect_uri=https://example.com/oauth_complete&state=YYY)

2. It will move to the Canvas login page. Here the user will enter the user name and password of the partner admin account.

3. Canvas back end (if the user and credentials are valid, it will call my redirect URL, which I gave in the sign-in button link, with the authorization code)

4. As per my logs, I am expecting the issue is "Canvas server is calling my redirection URL twice for only the admin account with the same authorization code. As the authentication code should not be duplicated, it is failing with 400 while calling the get token API (POST: /login/oauth2/token)".

Example:

https://example.com/oauth_complete?code=xxxx&state=xxxx

The above URL is getting called twice by Canvas.

Let me know if there is anything I can do to help clarify things. Thanks for your help!!

garth
Community Champion

I am not seeing an extra redirect as you are describing.

I'll need to create a test app to try and reproduce the exact steps you are taking.

With Thanksgiving on top of us I am busy running errands, but will play with this as time permits.

garth
Community Champion

I am not able to reproduce the scenario that you are describing.

Re-reading your original post, if you are receiving a status 400 that suggests a poorly formed request.

I am able to reproduce a status 400 in any API call that is not properly formatted.

Verify the syntax of your API call.

If the problem is isolated to your admin account, verify privileges associated with that account.

ramesh
Community Member

Hi Garth Egbert,

Thanks for your reply.

As I mentioned, there is no special code for the admin account. But it is working fine for teacher and student accounts.

I have verified the API call format; it is good, but the problem is that it is calling the token API twice with the same "authentication code" (it is generated by Canvas to get the token) as Canvas calls my redirect URL twice.

It is not a normal admin account; it is the root admin account (on this email the Canvas team has provided the Canvas site), which has full permissions. This admin account can restrict other account permissions.

Thanks for your help!!

Robbie_Grant
Community Coach

ramesh,

Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment. Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.

Robbie
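
An added example, not code from any poster in this thread or from Canvas: one way a redirect handler can tolerate the repeated callback described above is to consume the `state` value once, so a second hit on the redirect URI never sends the same code to `POST /login/oauth2/token`. `CallbackGuard`, `FakeTokenEndpoint` and the sample code value are hypothetical, and the fake endpoint only mimics the single-use 400 behaviour reported in the thread.

```python
import secrets
import threading


class FakeTokenEndpoint:
    """Constructed stand-in for POST /login/oauth2/token: each code works once."""

    def __init__(self, issued_codes):
        self._unused = set(issued_codes)
        self.calls = 0

    def exchange(self, code):
        self.calls += 1
        if code not in self._unused:
            return 400, None          # reused or unknown code, as in the thread
        self._unused.discard(code)
        return 200, {"access_token": "constructed-token-for-" + code}


class CallbackGuard:
    """Redeems the code for a given `state` at most once (hypothetical helper)."""

    def __init__(self, exchange):
        self._exchange = exchange
        self._pending = set()         # states issued, callback not yet seen
        self._seen = set()            # states whose callback already arrived
        self._lock = threading.Lock()

    def begin_login(self):
        state = secrets.token_urlsafe(16)
        with self._lock:
            self._pending.add(state)
        return state                  # goes into the /login/oauth2/auth URL

    def handle_callback(self, code, state):
        with self._lock:              # atomic check-and-consume of the state
            if state in self._seen:
                return "duplicate"    # second hit: do not call the token API
            if state not in self._pending:
                return "rejected"     # a state this application never issued
            self._pending.discard(state)
            self._seen.add(state)
        status, _token = self._exchange(code)
        return "ok" if status == 200 else "token_error_%d" % status


def demo():
    endpoint = FakeTokenEndpoint({"code-abc"})   # constructed sample code
    guard = CallbackGuard(endpoint.exchange)
    state = guard.begin_login()
    results = [guard.handle_callback("code-abc", state) for _ in range(2)]
    results.append(guard.handle_callback("code-abc", "not-issued"))
    return results, endpoint.calls
```

Logging each "duplicate" result together with the request's headers and timing shows whether the repeat came from the browser or from elsewhere.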