AnsweredAssumed Answered

Developer Key vs Client ID/Secret

Question asked by Peter Means on Jul 25, 2019
Latest reply on Jul 25, 2019 by Peter Love

I'm new to Oauth2 and just trying to get a clear idea of its implementation with Canvas. In the Oath2 documentation page it says the following:

Getting OAuth2 Client ID/Secret
...Performing the OAuth2 token request flow requires an application client ID and client secret. To obtain these application credentials, you will need to register your application. The client secret should never be shared.

For Canvas Cloud (hosted by Instructure), developer keys are issued by the admin of the institution.

I'm confused by the relationship between Developer Keys and Client ID's/Secrets. Based on this page, it sounds like Developer Keys are a combination of the Client ID and Secret(?). However, for the rest of the Oath2 page it refers to the Client ID and Client Secret as separate things, and they're used separately. How is the Developer Key suppose to be used after you get it?

 

Thanks!

Outcomes