Celebrate Excellence in Education: Nominate Outstanding Educators by April 15!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Community
- Groups
- Canvas Developers Group
- Forum
- Re: GET User Profile resulting in Unauthorized err...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Found this content helpful? Log in or sign up to leave a like!
GET User Profile resulting in Unauthorized error
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2019
10:12 AM
Hello, I received a message from one of our Canvas Clients who are using our attendance tracking tool. They reported that they were seeing some unexpected behavior from the tool:
- The tool was unable to detect a System Admin (we use url:GET|/api/v1/accounts/:account_id/roles to load roles for Canvas. The tool attempts to find the default "AccountAdmin" role, or a role containing the string 'admin' in cases where there may be custom roles. To my knowledge they don't use a custom role so we would have expected this to work.)
- Some enrolled users weren't being displayed
- A "Test Student" account is also showing up (and the client let me know that they didn't create this account so they are a bit confused on how test students get created and enrolled in classes).
The client created an account and enrolled me as an instructor in one of these courses. As per my request, they also updated their developer keys to add Redirect URIs for my localhost (http://127.0.0.1:8000/).
However, this is when things started getting weird. I tried to load the course in my local machine, and I was able to get the current course info, course enrollment info and my user's info. However, when I iterated through the enrollments list to get student information (url:GET|/api/v1/users/:user_id/profile), I received the following reply from Canvas:
{"status":"unauthorized","errors":[{"message":"user not authorized to perform that action"}
I am able to correctly load my system role (user) and course role (instructor), so i'm not quite sure why I am not authorized to view the students of the course. Weirdly, I am able to retrieve the user profile for Test Student. Even stranger, when I actually run the tool through Canvas using the same instructor account, I am able to see all users.
Our developer key is not restricted by any scopes and allows all. What is causing this unauthorized error to appear? Any help on this matter is greatly appreciated.
7 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2019
01:09 PM
Quite a few things in here, but starting at the end.
You are probably getting the unauthorized for the users call because this is an account level call and you do not have the correct account level permissions.
As you have instructor permissions for the course, you can instead use /api/v1/courses/:course/users
The Test Student is probably there from the use of "Student View". The creates a Test Student in the course.
For your general unexpected behaviours of the tool, what role does the user of the API token have?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2019
02:12 PM
Thanks again for taking the time to help out, Peter.
I launched the course in my local machine (where I couldn't get it to load students's profiles earlier), but now I am able to see a few users and not others. I haven't been alerted by my clients of any changes. Do permissions for Instructors take time to be set up? It's odd that I am not allowed to retrieve the profiles of everyone in the course. This is the main unexpected behavior currently being faced.My user has the role "Instructor" in this class.
I am getting the user role by getting enrollments and iterating through them. To get course enrollments, I am using /api/v1/courses/:course_id/enrollments . Is there an advantage to using /api/v1/courses/:course/users instead of enrollments?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2019
02:37 PM
Ah, I was a bit quick with some of the above, I was simply looking at .../users/:user_id.
Getting the profile as your are actually doing, looks like it should work. Works okay where I've tried it so far. Haven't tried iterating over a whole course yet.
What is the status of the users where it fails? I think they have to be active.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2019
10:27 AM
It does look like the students not showing up for me were indeed inactive in the course! This makes a lot of sense, thank you!
One further question on role detection, what is the best way to detect that a current user is a system admin? I've been using /api/v1/accounts/:account_id/roles. One of the issues my client was concerned about was that the tool wasn't able to notice a System Admin account when an admin was accessing it.
Thanks again for all your great input.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2019
01:11 PM
Not sure of you exact context here, but if its an LTI launch, is the LTI roles parameter sufficient (eg., urn:lti:instrole:ims/lis/Administrator)?
Or an API call to /api/v1/accounts/:account_id/admins
If you have an admin token, you can get a specific use with: /api/v1/accounts/:account_id/admins?user_id[]=SomeUser
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2019
07:33 AM
I will have to check the API you have mentioned! We've preferred using APIs for roles but the LTI launch parameter might also be something to consider.
Thanks again for all the help, Peter!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2019
06:26 AM
https://s3.amazonaws.com/tr-learncanvas/docs/Canvas_Permissions_Account.pdf
It sometimes takes up to 30 minutes or longer for API permissions to take effect.
Community Help
View our top guides and resources:
Find My Canvas URL Help Logging into Canvas Generate a Pairing Code Canvas Browser and Computer Requirements Change Canvas Notification Settings Submit a Peer Review AssignmentTo participate in the Instructure Community, you need to sign up or log in:
Sign In