@BenjaminWerner
The request makes sense. My question would be if it would be better to use a different tool than RollCall. I believe it was written at the request of a school a long time ago and it works for what it does, but it's definitely not up to the support level of most Instructure products. In Encanto's world, RollCall might be named Bruno.
Since there is no public API, you would need to open the developer tools in your browser and monitor the traffic that is sent to RollCall. What happens when you click on a student to mark them as present (or any of the states)? Basically, you're reverse engineering what Canvas does and then making your code do the same thing.
When I wrote the code to gather the attendance reports, I did look at admin page I needed. It was a form but it was delivered from rollcall.instructure.com rather than <instance>.instructure.com. I downloaded the page and completed the form using JavaScript (I used JSDom) and then submitted it. That might have been necessary to get the right authorization header. RollCall is not like the REST API that you can include a token that you can get from inside Canvas directly. It uses a JWT in the authorization: bearer header.
In theory, you can use JWT. For all the smarts people think I have, I've never been able to figure JWT out. I find that severely limiting with the new features that come out that only work with JWT.
My approach bypassed the need for me to compute JWTs because I was using their form and their tokens. Canvas has said that they are moving toward using a gateway so that all products can be reached from one location. I've found the documentation on that lacking. The last I checked, they weren't allow introspection. That meant that you could not view the docs to see what you needed to do, which meant you already had to know what you were doing. That brings me back to reverse engineering the API calls they make. But it may be possible that you could use that gateway to contact RollCall. I cannot comment on that more than a possibility. I have not looked into it.
The interface would need to be on the instructor's side of things. Your system would need to collect the information and then, as the instructor, push it into RollCall. That's why I wonder if it would be easier to make your own attendance system. Of course, if you are forced to use RollCall, then you don't have a choice.
I guess the short answer is that you should be able to launch a sessionless external tool and then do everything there that you could do if it was an iframe inside Canvas. I did have to manage cookies. Without going into the specifics of each routine, it went something like this.
- Get the tool ID for RollCall.
- Get the sessionless launch, masquerading as a specific user. I think this might have been to make sure the email got sent to the proper location. I used my REST API access token to do this.
- Take the URL from that and fetch it.
- That delivered a form. I grabbed all of the inputs from it and then made a post with a redirect:manual option.
- Then I get the redirect from that form.
- Then I looked for a set-cookie header and saved the cookies.
- Then I looked at the body of the fetch, which is the HTML of the document.
- Then I parsed it with JSDom, completed the form, and made a POST to submit the form.
After step 6, I'm inside RollCall.
Your process would be slightly different since you're not completing a form on the admin page.