Please help,
I've been trying to create a function to generate an access token. It's working when there is no limit on the Developer Key, as I get an access token in the response.
When I send a request to get the access token via "/login/oauth2/token", the response has the access token as NULL. I have the below params submitted as JSON:
"client_id=id"
"client_secret=key"
"code=abcdefg..."
"grant_type=authorization_code" **** tried with and without this and still get NULL access token
Response from Canvas
{"access_token":null,"token_type":"Bearer","user":{"id":1,"name":"My Account","global_id":"123456789","effective_locale":"en"},"canvas_region":"us-east-1","expires_in":-664}
What am I missing here?
Let me know.
Thanks.
When you start the OAuth 2 flow you need to supply the scopes that you are requesting a token to have access to: https://canvas.instructure.com/doc/api/file.oauth_endpoints.html#get-login-oauth2-auth
Although I would have expected you to get an error at this point if your developer key is marked as having scopes enforced.
I did not have any error. I got to the page where the admin is required to click Authorize the App to access the account. I have "scope=/auth/userinfo" when requesting the Authorization Code via /login/oauth2/auth. I got that code to request the access token. Also, I thought scope was only needed when grant_type is client_credentials when requesting an access token?
What is the scope needed for /login/oauth2/token when requesting a token? I can't tell from the documentation. It's not clear. Can you point me there?
The "scope=/auth/userinfo" is used when you want to have Canvas be used for users to login to your applications/website. That scope doesn't allow you to make API requests to Canvas. This is outlined here: https://canvas.instructure.com/doc/api/file.oauth.html#oauth2-flow
If you are wanting to get an API token you need to get the user to go through the OAuth flow again, either without asking for any scopes (which means you get full access to the account), or with a limited set of scopes that you set in the developer key.
To get started it's probably simplest to leave your developer key without scopes enforced and not pass in any scopes when you start the OAuth flow. This should give you a token that you can use on any API endpoint. Then once you've got it working you can look at enforcing scopes on the developer key and requesting those scopes in the OAuth flow.
I was able to generate the access token and refresh token with Enforce Scopes set to off. I then turned on Enforce Scopes, selected the necessary scopes, and am getting an "Insufficient scopes" error on all requests.
For a simple example: despite enabling this scope, url:GET|/api/v1/accounts/:id, I still got the error below.
API Response - CanvasGetAccountById:[/api/v1/accounts/1] returned status[401]: Unauthorized {"errors":[{"message":"Insufficient scopes on access token."}],"error_report_id":83589}
Thoughts?
Circling back to the original question with the null access token returned, what are the exact necessary scopes to use when requesting the access token at "/login/oauth2/token" with code/dev keys? (The doc is a little not too clear about this.)
Let me know.
Thanks
Where on that page are the scopes actually listed, and where is the explanation of what scopes are needed?
Hi @lang1 ,
Can you please help me out with how you got the Authorization Code via "/login/oauth2/auth"? I am facing an invalid_scope error although I have mentioned the scope as "scope=/auth/userinfo".
Thanks in Advance.
The scope you need in your auth code request is something like "url:GET|/api/v1/users/:user_id/profile" (getting the user's profile gets most "userinfo" you would need).
This is assuming the SAME scope is selected in the corresponding Developer Key scope within the Canvas UI.
So the call would be roughly:
"https://yourapp.instructure.com/login/oauth2/auth?client_id=API_KEY_CLIENT_ID&response_type=code&redirect_uri=https://yourapi.com/getuserinfoauthcode&scope=url:GET|/api/v1/users/:user_id/profile"
With the endpoint "getuserinfoauthcode" unpacking the auth code for the subsequent access token call.
You have to declare the necessary scopes &scope= on the submit of OAUTH on /login/oauth2/auth
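The flow discussed in this thread, as an added example that is not part of any post above and is not Canvas's own code: it builds the /login/oauth2/auth URL with URL-encoded scopes, builds the /login/oauth2/token body, and rejects the null access_token response shown in the question. The host, redirect URI and function names are placeholders; the `state` check and space-separated scopes are assumptions taken from standard OAuth 2.0, not from the thread.

```python
import hmac
import json
import secrets
from urllib.parse import urlencode

CANVAS_BASE = "https://canvas.example.edu"         # placeholder Canvas host
REDIRECT_URI = "https://app.example.com/oauth/cb"  # placeholder callback URL
USERINFO_SCOPE = "/auth/userinfo"                  # identity-only scope from the thread


def build_auth_url(client_id, scopes, state=None):
    """Return (url, state) for the GET /login/oauth2/auth redirect."""
    if USERINFO_SCOPE in scopes:
        raise ValueError("/auth/userinfo does not yield an API access token")
    state = state or secrets.token_urlsafe(24)     # anti-CSRF value, keep in the session
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": REDIRECT_URI, "state": state}
    if scopes:                                     # leave out for a key without enforced scopes
        params["scope"] = " ".join(scopes)         # assumption: space-delimited (RFC 6749)
    return f"{CANVAS_BASE}/login/oauth2/auth?{urlencode(params)}", state


def token_request_form(client_id, client_secret, code, returned_state, expected_state):
    """Return the body for POST /login/oauth2/token once the state value matches."""
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the authorization code")
    return urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "client_secret": client_secret, "redirect_uri": REDIRECT_URI,
                      "code": code})


def extract_access_token(response_body):
    """Parse the token response and refuse a null or already-expired token."""
    data = json.loads(response_body)
    token = data.get("access_token")
    if not token:
        raise ValueError("no access_token issued: check the scope sent to /login/oauth2/auth")
    if data.get("expires_in", 1) <= 0:
        raise ValueError("token response is already expired")
    return token
```

Each scope passed to `build_auth_url` must also be selected on the Developer Key, as the reply above notes.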