Talking to OAuth2 API server-to-server - Sync'ing Canvas courses to LTI 1.3 Tool's internal classes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I'm investigating how to map activity coming from Canvas via LTI 1.3 into our tool, specifically how to map courses (via their sis_id) to those we are already anticipating to see from Rostering (via a Clever, etc).
I know the Canvas API has a `/courses` endpoint where we could get the list up front. However from what I'm reading it seems this API can ONLY be hit using the OAuth2 auth code flow on behalf of a user. Meaning, we could not have an independent process call Canvas via an API key to get this course data async; this information could only be captured from user activity in-browser (i.e. a Canvas admin launching and authorizing the flow).
Is there another means of hitting the Canvas API that's NOT user-based in-browser redirects? It seems if not, we would have to on the fly grab courses data as it comes in or have a Canvas admin manually "sync" with us since this activity needs to be triggered by user activity.
Best,
.dig
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After pondering this a while and tooling around, I've found a work around for the cases where I would need to hit the Canvas OAuth2 API as an LTI tool server-to-server call (NOT using the standard in-browser redirect, operating "on behalf of the user" realtime).
This assumes the Canvas admin is also invested in what you need to get setup (e.g. for rostering or other data sync'ing you need) and is not comfortable with you having an access token with the same full access their account has.
How to "Onboard" the Canvas account to your Tool for direct API calls:
1. have the Canvas admin create a NEW type of admin role:
- go to Admin -> Account -> Permissions -> Account Roles tab
- Select "Add Role" and name it (I called it in my Canvas sandbox "Limited Tool Admin")
- add limited permissions (e.g. just viewing User list and Course list and nothing else)
2. Create a new account (doesn't have to be an account you, the Tool side, needs to have login access to - can be internal to Canvas user's world - but someone needs to be able to login to generate a token)
3. Go to Admin -> Account -> Settings
- select "Admins" tab
- select "Account Admins" and select in dropdown new Admin type (Limited)
- add email addresses of new account
4. Login as new account that's a "Limited Admin"
- go to Account -> Settings
- scroll down to Approved Integrations - and generate a new access token
The Access Token will be limited to the Limited Admin account's access.