How to Authenticate with OAuth Token to Access API Endpoints
Create a superuser or simple account
See the docs: Local deployment — Tutor documentation
tutor local do createuser --staff --superuser testuser testing@example.com
Create the OAuth API Application
To start, you need to set up an OAuth API application:
Log in to your LMS admin panel: Go to http://local.edly.io:8000/admin/
Access OAuth Applications: Navigate to http://local.edly.io:8000/admin/oauth2_provider/application/
Add a New Application
Configure the Application:
  Client ID: lms-backend-service-key
  User: Select the recently created user.
  Client Type: confidential
  Authorization Grant: client credentials
  Client Secret: lms-backend-service-secret
  Name: Enter a name for the API application.
Save the OAuth Application.
Your application has now been created.
Generate access-token for further usage
1: With Postman, use this POST request URL: http://local.edly.io:8000/oauth2/access_token
2: Navigate to the “Body” section and provide the form-data with the following values:
client_id: lms-backend-service-key
client_secret: lms-backend-service-secret
token_type: jwt
grant_type: client_credentials
This will generate an access token for subsequent use.
Grant Instructor Permissions to the User
Go to this URL http://local.edly.io:8000/admin/student/courseaccessrole/ and change the role for a course:
Time to test some API
1: Using Postman, hit the instructor API get_student_progress_url
URL: http://local.edly.io:8000/courses/course-v1:edx+cs222+2311/instructor/api/get_student_progress_url
2: Go to body and pass the form-data value as unique_student_identifier: student username
3: Include the header information as shown in the screenshot.
Upon success, it will return the data in JSON format.
{"course_id":"course-v1:edx+cs222+2311","progress_url":"http://apps.local.edly.io:2000/learning/course/course-v1:edx+cs222+2311/progress/5/"}
In some cases, you will also need to include the CSRF token. Then, use this URL http://local.edly.io:8000/csrf/api/v1/token as GET. Include the CSRF token in the header using the key x-CSRFToken with the value token value.
feanil (Feanil Patel), August 20, 2024, 3:17pm
Nice! Thanks for posting!
We’ve also got this in the edx-platform docs: Authentication Related Code Samples — edx-platform documentation
and How To Use the REST API — edx-platform documentation
Do you think it’s worth updating some of that with your examples and pictures?
anu_om (anu om), August 20, 2024, 6:49pm
I tried this endpoint with all the given configuration and it seems to be giving a 403 status. Can you please provide us with a screenshot of the config for the following endpoint, along with the CSRF cookie:
http://local.edly.io:8000/courses/course-v1:edx+cs222+2311/instructor/api/get_student_progress_url
@Awais_Qureshi
@anu_om you have to add the course-access roles for this course also.
1: Go to http://local.edly.io:8000/admin/student/courseaccessrole/
2: Enter the username as instructor and also the course id.
Please let me know if it works. I will update the steps also; I think I missed this point.
[Screenshots: headers, body, application, course-roles]
You can try via curl command also. Just replace your token using this URL
curl --location 'http://local.edly.io:8000/courses/course-v1:edx+cs222+2311/instructor/api/get_student_progress_url' \
  --header 'Authorization: JWT <your-access-token>' -X POST --form 'unique_student_identifier="audot"'
anu_om (anu om), August 21, 2024, 10:31am
Hello Awais,
Thank you for the detailed reply. I'm a bit confused about X-CSRFTOKEN; can you please tell me where I can find it…
Not sure how I can access the CSRF token.
Try this using curl or Postman as a GET:
curl http://local.edly.io:8000/csrf/api/v1/token
It will return you the token:
{"csrfToken":"xwmyMwUbnCtB7p26r0ZGc30aAc8e9sy9DAArs0HaCpAUrLIbbO4dbXiGDgLZDK72"}
I forgot to mention this in the document. Actually, these APIs are simple plain APIs and do not involve any authentication mechanism. That's why the access token and CSRF are not working with these APIs. These APIs will not work with Postman using an access token. Those APIs which are now moved to DRF will work with them.
But for non-DRF you need to use session authentication and use that response CSRF token. I am uploading a simple Postman collection for session-based login. You can edit the global file and add your course ID, user ID and password. Then execute the APIs in order.
Instructor Env.postman_environment.json (327 Bytes)
workspace.postman_globals.json (648 Bytes)
Instructor dashboard.postman_collection.json (3.0 KB)
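The token flow from the first post as a script, for endpoints that accept token authentication (per the last reply, the ones moved to DRF). This is an added example, not code from the thread or from edx-platform. It assumes the token reply carries access_token and token_type fields, sends the form fields URL-encoded rather than as Postman form-data, and reads the client credentials from the hypothetical environment variables LMS_CLIENT_ID and LMS_CLIENT_SECRET so the secret stays out of the script.

```python
import json
import os
import urllib.parse
import urllib.request

LMS = "http://local.edly.io:8000"  # LMS base URL used in the thread

def send(req):
    """Send a prepared request and decode the JSON reply (network call)."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())

def token_request(client_id, client_secret):
    """POST for /oauth2/access_token with the four fields from the first post."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "token_type": "jwt",
        "grant_type": "client_credentials",
    }).encode()
    return urllib.request.Request(f"{LMS}/oauth2/access_token", data=body, method="POST")

def auth_header(token_reply):
    """Build the Authorization value; its scheme must match the token kind."""
    scheme = token_reply.get("token_type", "")
    if scheme.lower() not in ("jwt", "bearer") or not token_reply.get("access_token"):
        # Report only the key names so a token never ends up in logs.
        raise ValueError(f"unexpected token reply: {sorted(token_reply)}")
    return f"{scheme} {token_reply['access_token']}"

def api_request(path, token_reply, fields, csrf_token=None):
    """POST to an LMS API path with the token and, if given, the CSRF header."""
    headers = {"Authorization": auth_header(token_reply)}
    if csrf_token:  # the csrfToken value returned by GET /csrf/api/v1/token
        headers["X-CSRFToken"] = csrf_token
    body = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(f"{LMS}{path}", data=body, headers=headers, method="POST")

def call_api(path, fields, transport=send):
    """Fetch a token, then call the API with it (env var names are assumptions)."""
    creds = os.environ["LMS_CLIENT_ID"], os.environ["LMS_CLIENT_SECRET"]
    reply = transport(token_request(*creds))
    return transport(api_request(path, reply, fields))
```

The transport parameter exists so the flow can be exercised against a stub instead of a live LMS.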