
OAuth2 authentication against LDAP service provider instead of Canvas credentials?

Question asked by Eric Kornmeyer on Jun 27, 2019
Latest reply on Dec 11, 2019 by chofer@morainepark.edu

Hi all,

Sorry, kind of a loaded question. So I have previously implemented OAuth2 authentication against a WordPress website. So when a user gets created in WordPress, their account also gets created in Canvas with the same password. Upon logging in to the WordPress site for the first time, the OAuth2 process kicks off and the user has to enter in their Canvas credentials to link the two sites together. Once that happens, the user can enroll in courses from the WordPress site via functions I've created using the Canvas API which uses the individual user's OAuth2 token.

Recently we have activated LDAPS authentication in Canvas to get around having to create accounts for every employee of ours. So Canvas is connecting to our Active Directory and authenticating users, which is working great.

But the LDAPS implementation is essentially breaking the OAuth2 authentication I built. With LDAPS, the user's password is no longer stored anywhere (except for our Active Directory). So the OAuth2 authentication is taking them to the default Canvas login URL (which requires an actual password in Canvas). They try to put in their Active Directory password and it doesn't work.

Besides passing their Active Directory password to Canvas in the API, does anyone know of a workaround I can try? I guess I can try to use an admin OAuth2 token on every user's behalf, but I don't think that is good practice.
