As part of a Gamification initiative, my team and I are working to create an stand-alone game which uses the Canvas API's GET requests to retrieve information on the student player and their courses. We're currently using manually created access tokens for testing but plan to learn OAuth later. Ideally, this game would work with any school's instance of Canvas (we plan on having a text field where you can type the base URL of your school's Canvas instance which is then used elsewhere for the GET calls). This means we wouldn't want to go through each individual school our players use and ask each one for permissions and instead just have a general solution that would allow the player to login and have it work with any instance of Canvas. Is this possible? We've already used our stand-alone program to gain information on our school's instance using my own access token, but is this a feature that some school's disable for security risks? Also when we move on to using OAuth will we still be able to generate a token for any school using only the URL of that school's instance and the login of a student from that school?
Thanks for the help!