Hello,
Looking at the use case for masquerade, masquerading could be useful in a number of use cases: for a portal type application that's already tightly integrated with an SIS and is managed by the school, to avoid going through the OAuth flow for every student
https://canvas.instructure.com/doc/api/file.masquerading.htmlWe would like to build an external website which collates the student profile, calls the Canvas API to create the student account, and then is able to present a link to the student which jumps directly into the Canvas learning environment (without the need for the oauth handshake).
Simply put these are the commands we are currently prototyping:
$command = '/api/v1/users/self/profile?as_user_id=201';
$content = do_canvas_command($command, $site, $admin_token);
printf("
masqueraded profile content = %s
\n", print_r($content, true));
$command = '/login/session_token?as_user_id=201';
$content = do_canvas_command($command, $site, $admin_token);
printf("
masqueraded url content = %s
\n", print_r($content, true));
(do_canvas_command is wrapper function to package up the appropriate curl calls)
The masquerade for the profile works:
masqueraded profile content = Array ( [0] => stdClass Object ( [id] => 201
[name] => Nicholas Kings [short_name] => Nick
[sortable_name] => Kings, Nicholas
[avatar_url] => https://oup.instructure.com/images/messages/avatar-50.png
[title] => [bio] =>
[primary_email] => nick.j.kings+1559826668@gmail.com
[login_id] => nick.j.kings+1559826668@gmail.com
[integration_id] => [time_zone] => America/New_York
[locale] => [effective_locale] => en
[calendar] => stdClass Object ( [ics] => https://oup.instructure.com/feeds/calendars/user_BbOhinluwVulwnQjvD0hs4xQdMpv6zfPugo9GFly.ics ) ) )
Should we use a different route? Or is /login/session_token not masquerade-able?
Thanks
