
Incorrect Oauth2 Workflow after setting scope='/auth/userinfo' initially?

Question asked by Akshya Pandey on Apr 5, 2018
Latest reply on Apr 5, 2018 by Stefanie Sanders

I am developing an LTI application that makes use of the Canvas REST API to extract information about the current user, the course, and the other users in the course.

I noticed that without any scope parameter in the first step, users were being asked to authorize the app to make calls on their behalf every time they launched the app. As this isn't the most user-friendly experience, I added the parameter scope='/auth/userinfo' to the initial redirect for Canvas authorization. While that solved the issue of multiple authorization confirmation prompts, no access tokens are given. To my understanding, I should have been able to generate access tokens with the code I received from Canvas after the authentication redirect. However, I am getting the following error as I try to get the access token:


{"error":"invalid_grant","error_description":"authorization_code not found"}


The call I'm making to receive an access token has the following parameters:

"grant_type": "authorization_code"
"code": <code received from canvas>
"client_id": <developer id>
"client_secret": <developer secret>
"redirect_uri": <initial redirect_uri>


Am I misunderstanding the workflow? Any help is appreciated, thanks!