AnsweredAssumed Answered

Server-to-Server OAuth2

Question asked by Dillon Kerr on Mar 9, 2016
Latest reply on Mar 14, 2016 by Dillon Kerr

In a previous post, I mentioned that I am attempting to build an external application that is capable of pushing grades from the application to the Canvas gradebook. I have successfully set up the grade push using the Canvas API, so grades for corresponding assignments are being added to the gradebook for a specified user.


However, from the start of development, I've been using a manually generated access token created within an Admin account in Canvas. Of course, hard-coding this access token into my code would not be acceptable, since this would result in a security risk. After going through the OAuth2 section of the API docs and attempting to implement, it seems that the OAuth2 API only supports user login through a redirect to the Canvas login page. Instead, I'm hoping to find some way to authenticate the server running the application that I am building, so that the server can request/use an access token and send API requests without having to redirect to the Canvas login page and provide a user login/password combination.


In other APIs, I've noticed mention of service accounts (e.g. Google) and resource owner password credentials. Does anyone know if this is possible with the Canvas implementation of OAuth2, and if so, how would I go about authenticating the application server directly?