Authenticate with OAuth Token to Access API Endpoints (Instructor APIs)

How to Authenticate with OAuth Token to Access API Endpoints

Create a superuser or simple account

See the docs: Local deployment — Tutor documentation

tutor local do createuser --staff --superuser testuser testing@example.com

Create the OAuth API Application

To start, you need to set up an OAuth API application:

  1. Log in to your LMS admin panel: Go to http://local.edly.io:8000/admin/
  2. Access OAuth Applications: Navigate to http://local.edly.io:8000/admin/oauth2_provider/application/
  3. Add a New Application
  4. Configure the Application:
     • Client ID: lms-backend-service-key
     • User: Select the recently created user
     • Client Type: confidential
     • Authorization Grant: client credentials
     • Client Secret: lms-backend-service-secret
     • Name: Enter a name for the API application
  5. Save the OAuth Application.

Your application has now been created.

Generate access-token for further usage

  1. With Postman, use this POST request URL: http://local.edly.io:8000/oauth2/access_token
  2. Navigate to the “Body” section and provide the form-data with the following values:
     client_id: lms-backend-service-key
     client_secret: lms-backend-service-secret
     token_type: jwt
     grant_type: client_credentials

This will generate an access token for subsequent use.

Grant Instructor Permissions to the User

Go to this URL http://local.edly.io:8000/admin/student/courseaccessrole/ and change the role for a course:

Time to test some API

1: Using postman, hit the instructor API get_student_progress_url URL: http://local.edly.io:8000/courses/course-v1:edx+cs222+2311/instructor/api/get_student_progress_url
2: Go to body and pass form-data value as unique_student_identifier: student username

3: Include the header information as shown in the screenshot.

Upon success, it will return the data in JSON format.

{"course_id":"course-v1:edx+cs222+2311","progress_url":"http://apps.local.edly.io:2000/learning/course/course-v1:edx+cs222+2311/progress/5/"}

In some cases, you will also need to include the CSRF token. In that case, send a GET request to http://local.edly.io:8000/csrf/api/v1/token to obtain it. Include the CSRF token in the header using the key x-CSRFToken, with the token as its value.

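The steps in the post above, scripted with Python's standard library. This is an added example, not part of the original post or of edx-platform. The function names are illustrative, the form fields are sent URL-encoded rather than as Postman form-data, and the token is read from the standard OAuth2 `access_token` response field.

```python
import json
import urllib.parse
import urllib.request

LMS = "http://local.edly.io:8000"        # LMS root used throughout the post
COURSE_ID = "course-v1:edx+cs222+2311"   # course id from the post


def token_request(client_id, client_secret):
    """Build the client-credentials POST to /oauth2/access_token."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "token_type": "jwt",
        "grant_type": "client_credentials",
    }).encode()
    return urllib.request.Request(f"{LMS}/oauth2/access_token", data=body, method="POST")


def progress_request(access_token, student):
    """Build the instructor API call, carrying the JWT in the Authorization header."""
    url = f"{LMS}/courses/{COURSE_ID}/instructor/api/get_student_progress_url"
    body = urllib.parse.urlencode({"unique_student_identifier": student}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", f"JWT {access_token}")
    return req


def send(req):
    """Send a prepared request and decode the JSON reply (4xx/5xx raise HTTPError)."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def fetch_progress_url(client_id, client_secret, student):
    """Live flow against a running LMS: get a token, then call the endpoint."""
    token = send(token_request(client_id, client_secret))["access_token"]
    return send(progress_request(token, student))["progress_url"]


if __name__ == "__main__":
    # Dry run: print both prepared requests without contacting the LMS.
    for r in (token_request("lms-backend-service-key", "lms-backend-service-secret"),
              progress_request("<access-token>", "student-username")):
        print(r.get_method(), r.full_url, r.data.decode())
```

Call `fetch_progress_url(...)` instead of the dry run once the Tutor LMS is up and the OAuth application and course access role exist.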

@feanil FYI

Nice! Thanks for posting!

We’ve also got this in the edx-platform docs: Authentication Related Code Samples — edx-platform documentation

and How To Use the REST API — edx-platform documentation

Do you think it’s worth updating some of that with your examples and pictures?

I tried this endpoint with all the given configuration, but it seems to be giving a 403 status. Can you please provide us with a screenshot of the config for the following endpoint:

along with CSRF cookie

http://local.edly.io:8000/courses/course-v1:edx+cs222+2311/instructor/api/get_student_progress_url

@Awais_Qureshi

@anu_om you have to add the course-access roles for this course also.
1: Go to http://local.edly.io:8000/admin/student/courseaccessrole/
2: Enter the username as instructor and also the course id.

Please let me know if it works. I will update the steps also; I think I missed this point.

[Screenshots: headers, body, application, course-roles]

You can try via curl command also. Just replace your token using this URL

curl --location 'http://local.edly.io:8000/courses/course-v1:edx+cs222+2311/instructor/api/get_student_progress_url' \
  --header 'Authorization: JWT <your-access-token>' \
  -X POST --form 'unique_student_identifier="audot"'

Hello Awais

Thank you for the detailed reply. I'm a bit confused about X-CSRFTOKEN; can you please tell me where I can find it…

Not sure how I can access the CSRF token.

Try this using curl or postman as get

curl http://local.edly.io:8000/csrf/api/v1/token

It will return the token:
{"csrfToken":"xwmyMwUbnCtB7p26r0ZGc30aAc8e9sy9DAArs0HaCpAUrLIbbO4dbXiGDgLZDK72"}

I forgot to mention this in the document. Actually, these APIs are simple plain APIs and do not involve any authentication mechanism. That’s why the access token and CSRF are not working with these APIs. These APIs will not work with Postman using an access token. Those APIs which have now been moved to DRF will work with them.

But for non-DRF you need to use session authentication and use that response's CSRF token. I am uploading a simple Postman setup for session-based login. You can edit the global file and add your course id, user id and password. Then execute the APIs in order.

Instructor Env.postman_environment.json (327 Bytes)

workspace.postman_globals.json (648 Bytes)

Instructor dashboard.postman_collection.json (3.0 KB)