OAuth2 access token and scope=/auth/userinfo
Hi Folk,
Could anyone explain the meaning of the highlighted part in this document (https://canvas.instructure.com/doc/api/file.oauth.html#oauth2-flow-1)?
“
Your application can rely on canvas for a user's identity. During step 1 of the web application flow below, specify the optional scope parameter as scope=/auth/userinfo. When the user is asked to grant your application access in step 2 of the web application flow, they will also be given an option to remember their authorization. If they grant access and remember the authorization, Canvas will skip step 2 of the request flow for future requests.
”
My understanding of the checkbox is that it will remember the authorization for this user. However, when I added “scope=/auth/userinfo” to my step 1 request, this checkbox showed on the authorization page and I checked the box. But even though I checked this box, Canvas still did not remember anything.
I have tried the following workflow:
- Called initial /login/oauth2/auth with “scope=/auth//userinfo”
- In the return URI, called /login/oauth2/auth again without “scope=/auth/userinfo”
- Extracted the code from the response of the second call of /login/oauth2/auth, then used the code to request the access_token.
From the above workflow, I could get the access_token back, but I have been prompted TWICE for the authorization. The above confirm page showed up twice. I was hoping Canvas would remember the user's authorization. There won't be any new authorization prompt after step 1 or any future request.
Please shed some light.
Thank you!
-Kim
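
The web application flow referenced in the quoted documentation, as an added example (not part of the original post and not Canvas's own code): it builds the step 1 request with `scope=/auth/userinfo`, validates the redirect that carries the code, and prepares the token exchange. The host, client id and redirect URI are placeholders, and the `state` check is the usual OAuth2 CSRF binding.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

CANVAS = "https://canvas.example.edu"      # assumed host (placeholder)
CLIENT_ID = "10000000000001"               # constructed developer key id
REDIRECT_URI = "https://app.example.com/oauth_complete"  # assumed
IDENTITY_SCOPE = "/auth/userinfo"          # value quoted from the Canvas docs


def build_auth_url(scope=IDENTITY_SCOPE):
    """Step 1: return (url, state); keep state in the user's session."""
    state = secrets.token_urlsafe(24)      # unguessable, ties callback to session
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "scope": scope,
    })
    return f"{CANVAS}/login/oauth2/auth?{query}", state


def handle_callback(callback_url, expected_state):
    """Step 2 result: validate the redirect and return the one-time code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:                  # Canvas sends error= instead of code=
        raise PermissionError(params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request(code, client_secret):
    """Step 3: endpoint and form body for the server-side POST."""
    return f"{CANVAS}/login/oauth2/token", {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": client_secret,    # never sent from the browser
        "redirect_uri": REDIRECT_URI,
        "code": code,
    }
```
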