Activity Feed
- Got a Like for Re: Asking users to generate an access token. 08-06-2020 02:01 AM
- Got a Like for HTML sanitation rules applied to HTML in submission body. 12-06-2018 09:09 PM
- Liked Re: Asking users to generate an access token for James. 10-24-2018 08:33 AM
- Got a Like for Re: Asking users to generate an access token. 10-24-2018 07:30 AM
- Got a Like for Re: Asking users to generate an access token. 10-23-2018 08:41 PM
- Posted Re: Asking users to generate an access token on Canvas Developers Group. 10-23-2018 08:29 PM
- Liked Re: Asking users to generate an access token for James. 10-23-2018 08:20 PM
- Posted Re: Asking users to generate an access token on Canvas Developers Group. 10-23-2018 10:13 AM
- Liked Asking users to generate an access token for gruetzmacherr. 10-23-2018 10:06 AM
- Liked Re: Asking users to generate an access token for themidiman. 10-23-2018 10:06 AM
- Liked Re: Asking users to generate an access token for themidiman. 10-23-2018 10:06 AM
- Got a Like for Asking users to generate an access token. 10-23-2018 10:06 AM
- Got a Like for Asking users to generate an access token. 10-22-2018 03:05 PM
- Posted Asking users to generate an access token on Canvas Developers Group. 10-18-2018 11:26 AM
- Tagged Asking users to generate an access token on Canvas Developers Group. 10-18-2018 11:26 AM
- Tagged Asking users to generate an access token on Canvas Developers Group. 10-18-2018 11:26 AM
- Tagged Asking users to generate an access token on Canvas Developers Group. 10-18-2018 11:26 AM
- Got a Like for HTML sanitation rules applied to HTML in submission body. 08-02-2018 01:03 PM
- Got a Like for Re: HTML sanitation rules applied to HTML in submission body. 08-02-2018 01:03 PM
- Posted Re: HTML sanitation rules applied to HTML in submission body on Canvas Developers Group. 08-02-2018 01:01 PM
My Posts
| Post Details | Date Published | Views | Likes |
|---|---|---|---|
|
Asking users to generate an access token Is it acceptable to ask users to generate a Canvas access token and enter it into an application? I'm not asking if it is ideal (over using OAuth2 to request tokens,) but rather if it is "legal" and ... |
10-18-2018 |
3072 |
2 |
|
HTML sanitation rules applied to HTML in submission body What are the HTML sanitation rules that get applied to HTML specified in the "submission[body]" parameter for assignment submissions via the Canvas API? The Canvas API documentation on submitting ass... |
08-02-2018 |
1157 |
3 |
10-23-2018
08:29 PM
2 Likes
Thank you for taking the time to respond with that thorough post, @James ! You answered most of my questions and addressed my concerns around the topic. I like you're approach of using Google Sheets - and you make a great point that once they copy it, it is no longer in your "domain" - it is in theirs at that point. What I was thinking of doing doesn't make that clean break, and would technically be used by multiple users - so I think I'll stick with using the OAuth flow as I have in the past. It's obviously not as quick and easy for end-users to jump in and start using, but that's not a show stopper. Thank you again for taking the time to respond, Raymond
... View more
10-23-2018
10:13 AM
Thank you for your comments, Jeffrey! I think it's really powerful to allow users to generate their token and enter it into a tool, but I understand why Instructure frowns on it's regular use. I would like to use that feature, but I don't want to be in violation of Instructure's terms of service either.
... View more
10-18-2018
11:26 AM
2 Likes
Is it acceptable to ask users to generate a Canvas access token and enter it into an application? I'm not asking if it is ideal (over using OAuth2 to request tokens,) but rather if it is "legal" and allowed within Canvas's terms of service. I was under the impression that it is not permitted by Instructure/Canvas to ask users to enter their access tokens into an application. In fact in the Canvas OAuth documentation it states the following. For testing your application before you've implemented OAuth, the simplest option is to generate an access token on your user's profile page. Note that asking any other user to manually generate a token and enter it into your application is a violation of Canvas' terms of service. Applications in use by multiple users **MUST* use OAuth to obtain tokens*. What has me asking this question then, is that I recently came across some of @James 's work (I'm a big fan, James!) and in his tools he asks users to generate and provide access tokens to use his tools. His work has even been promoted by Instructure/Canvas and featured on CanvasLive showing his due date changing Google Doc spreadsheet, during which they show users how to generate an access token and then enter it into his Google Docs spreadsheet. All of this has left me a bit confused on what is permitted and what is not around this topic. I have written a few LTI integrations now and have become familiar with the OAuth2 flow to request access tokens. If I am able to legally bypass that for smaller-scale applications/integrations it would certainly change my approach. Up to this point I thought it was illegal for me to request users enter an access token, but it seems to be a somewhat accepted practice. Thank you, Raymond
... View more
08-02-2018
01:01 PM
1 Like
Based on the HTML that I'm submitting and how it appears to be getting sanitized, the whitelist you provided appears to the ruleset that is used. Thank you!
... View more
08-02-2018
08:59 AM
3 Likes
What are the HTML sanitation rules that get applied to HTML specified in the "submission[body]" parameter for assignment submissions via the Canvas API? The Canvas API documentation on submitting assignments states: Note this HTML snippet will be sanitized using the same ruleset as a submission made from the Canvas web UI. I have successfully submitted assignments containing an HTML body via the Canvas API, but I have not been able to locate the mentioned 'ruleset' to determine what types of HTML (and embedded styling) I'm able to send without it being lost.
... View more
