Enhanced Token Generation

RyanNorton
Instructure
Instructure
5
1921

Canvas.png

We have heard from many of you regarding the evolving ecosystem around access token usage and we wanted to share our upcoming plans and strategies.  Our goal is to provide schools with enhanced methods to maintain integrity and confidence around their access token strategies.

The Current State of the World / What We Have Learned

Canvas has always prided itself on providing an open platform.  Our aim has always been to offer a set of standards that encourage people to leverage our APIs in ways that deliver value and impact without being overly restrictive.

Over the past year, we have closely monitored the use of access tokens within educational institutions.  We have identified several areas where improvements are needed to ensure that schools can manage tokens more effectively and securely.  Feedback from our users has highlighted the need for greater control, visibility, and flexibility in token management.

What We Are Doing

To address these concerns, we are implementing the following changes to our API and user interface:

  1. Enhanced Token Deletion: We are updating our API to allow administrators to perform a targeted delete against existing tokens.  This will enable schools to better manage access as necessary, ensuring that tokens are only active when required.
  2. Enhanced UI for Access Controls: Our user interface will also be enhanced to provide administrators with access controls for visibility, creation, and deletion of tokens.  This will give schools a clearer view of token usage and more straightforward management capabilities.
  3. Admin-Generated Tokens: We are introducing a workflow that allows administrators to generate tokens on behalf of users. This new feature will include the option to limit token creation through our permissions model, ensuring that only authorized personnel can create tokens when enabled.

The above changes will also work with our existing purpose and expiration fields, allowing schools to specify the intended use and duration of tokens more precisely and allow for tailored token management options.

Timeline

We are planning to roll out these improvements in Q3 2024, with a release intended for late August or September.  We will provide further updates as we approach the release date to ensure that everyone is aware of the changes.

We believe these improvements will significantly enhance your ability to manage access tokens securely and efficiently.  Thank you for your continued support and feedback!

5 Comments