I have a question about launching lti apps sessionless. My goal is to automate the login to Rollcall and I have an access token myself. So with the sessionless launch url from the api, I can start Rollcall. However, Rollcall needs an access token as well so it redirects me to the OAuth authorization page (to approve the access for the app). But to access this page you need to be logged in... (same idea as described here: Attendance Report Using API )
One solution would be that Rollcall uses refresh tokens since you can then manually approve Rollcall once. I think this is unexpected behavior since a teacher has to approve the app every time he wants to fill in the attendance and a new access token is created for each approvement. I am not sure where to make a notice of this, here / GitHub issue /mail, but lets give this a try first. A small note: I noticed that with another account, rollcall has an access token without an expiration date and there my entire process works.
I am really wondering if you guys have another solution for my problem without saving the user's password in my database or know why Rollcall does not use refresh token.
ps. This is my first post on this forum so if I forgot something like mentioning someone or added the question to the wrong group, please let me know.