
GET User Profile resulting in Unauthorized error

Question asked by Akshya Pandey on Jan 23, 2019
Latest reply on Jan 25, 2019 by Akshya Pandey

Hello, I received a message from one of our Canvas Clients who are using our attendance tracking tool. They reported that they were seeing some unexpected behavior from the tool:

 

  1. The tool was unable to detect a System Admin (we use url:GET|/api/v1/accounts/:account_id/roles to load roles for Canvas. The tool attempts to find the default "AccountAdmin" role, or a role containing the string 'admin' in cases where there may be custom roles. To my knowledge they don't use a custom role so we would have expected this to work.)
  2. Some enrolled users weren't being displayed
  3. A "Test Student" account is also showing up (and the client let me know that they didn't create this account so they are a bit confused on how test students get created and enrolled in classes).

 

The client created an account and enrolled me as an instructor in one of these courses. As per my request, they also updated their developer keys to add Redirect URIs for my localhost (http://127.0.0.1:8000/).

However, this is when things started getting weird. I tried to load the course on my local machine, and I was able to get the current course info, course enrollment info and my user's info. However, when I iterated through the enrollments list to get student information (url:GET|/api/v1/users/:user_id/profile), I received the following reply from Canvas:

 

{"status":"unauthorized","errors":[{"message":"user not authorized to perform that action"}

 

I am able to correctly load my system role (user) and course role (instructor), so I'm not quite sure why I am not authorized to view the students of the course. Weirdly, I am able to retrieve the user profile for Test Student. Even stranger, when I actually run the tool through Canvas using the same instructor account, I am able to see all users.

 

Our developer key is not restricted by any scopes and allows all. What is causing this unauthorized error to appear? Any help on this matter is greatly appreciated.
