Error when trying to authenticate to the Canvas API

[efren.on...@gmail.com]

I'm trying to use OAuth to authenticate with Canvas API and I'm getting an error.

These are the steps I'm taking:

1) Navigate to http://my-canvas-instance:3000/login/oauth2/auth?client_id=my-client-id&response_type=code&redirect_uri=urn:ietf:wg:oauth:2.0:oob

    This gives me the Canvas login page.

2) Enter my credentials and click on Log In.

    This takes me to the page where I have to authorize the access.

3) I click on Authorize.

    This sends me to an error page with this message.

    Page Error

    Well, it looks like something broke unexpectedly. Sorry you had to see that. If you have a second, please let us know what you were doing when the error happened.

    There's the option to send information about the error to Infrastructure (I'm guessing). Tried this once, but I haven't gotten any response yet.

[Graham Ballantyne]

Take a look at http://my-canvas-instance:3000/error_reports, and/or your log files (either production.log or development.log, depending on what RAILS_ENV you're running in). Those should tell you what's going wrong.

---

--

---
You received this message because you are subscribed to the Google Groups "Canvas LMS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to canvas-lms-use...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Graham Ballantyne
IT Services
Simon Fraser University

[efren.on...@gmail.com]

Looks like I'm missing Redis, which is required to support OAuth2.

Will install and reply back if I find anything else.

Thank you for your support.

[efren.on...@gmail.com]

After installing Redis, I'm getting good error messages letting me know what I'm doing wrong. The OAuth2 flow is working as expected now.

However, to increase the amount of tests I want to do, I tried generating a user-generated access token, but I can't seem to be able to use this token. I keep getting "Invalid access token" error, but the token is valid as has no expiration.

If I understand correctly, I should be able to send that user-generated access token in the Authorization header of my request, right?

I've read in other forums that Canvas forces HTTPS to be used when invoking the API, but this doesn't seem to be the case because I'm able to invoke the API using the browser where I already have a Canvas session running.

I'm guessing I may be missing something extra in the request. Another header maybe?

[efren.on...@gmail.com]

I went through the OAuth flow to get an access token, used this access token in a call to an API, and it worked perfectly.

So it's definitely not an issue with HTTPS. It's like the user-generated tokens cannot be used.

Maybe there's an extra setting somewhere to enable them?

[Cody Cutrer]

Once an access token is generated, Canvas does not distinguish between manually generated tokens vs. tokens generated from the OAuth flow. They are both associated with a developer key (client id/secret); the manually generated tokens just happen to be associated with a developer key named "Manually Generated", instead of one for your app. You're sure you're forming the Authorization header correctly? (`Authorization: Bearer <access token>`) Do the server logs give any hints as to why it was not accepted? AuthenticationMethods#load_pseudonym_from_access_token (lib/authentication_methods.rb:96) is where the access token is checked, you might try to add additional logging or debugging there.

Cody Cutrer

Software Engineer

Instructure

[Ahmed Abdullah]

I'm hitting a similar error. Took a look at the production logs when I make the curl call using a manually generated token:

[- d2db3d86-6ddc-4d35-bb69-84dc4f699a01]   AccessToken Load (0.5ms)  SELECT "access_tokens".* FROM "access_tokens" WHERE "access_tokens"."crypted_token" = 'f7c2dbfc87b1b516ea42e2360bd26678b9d18c55' ORDER BY "access_tokens"."id" ASC LIMIT 1  [production:1 master]

[- d2db3d86-6ddc-4d35-bb69-84dc4f699a01] {"message":"redis_request","command":"get","request_size":28,"request_time_ms":0.130775,"host":"localhost:6379","key":"developer_key\/10000000000002","response_size":2089}

[- d2db3d86-6ddc-4d35-bb69-84dc4f699a01] 

AuthenticationMethods::AccessTokenError (AuthenticationMethods::AccessTokenError):

  /var/canvas/lib/authentication_methods.rb:96:in `load_pseudonym_from_access_token'

  /var/canvas/lib/authentication_methods.rb:124:in `load_user'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:432:in `block in make_lambda'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:164:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:164:in `block in halting'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:504:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:504:in `block in call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:504:in `each'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:504:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:92:in `__run_callbacks__'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:81:in `run_callbacks'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/abstract_controller/callbacks.rb:19:in `process_action'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_controller/metal/rescue.rb:29:in `process_action'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/notifications.rb:164:in `block in instrument'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/notifications/instrumenter.rb:20:in `instrument'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/notifications.rb:164:in `instrument'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_controller/metal/instrumentation.rb:30:in `process_action'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activerecord-4.2.7.1/lib/active_record/railties/controller_runtime.rb:18:in `process_action'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/abstract_controller/base.rb:137:in `process'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionview-4.2.7.1/lib/action_view/rendering.rb:30:in `process'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_controller/metal.rb:196:in `dispatch'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_controller/metal.rb:237:in `block in action'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/routing/route_set.rb:74:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/routing/route_set.rb:74:in `dispatch'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/routing/route_set.rb:43:in `serve'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/journey/router.rb:43:in `block in serve'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/journey/router.rb:30:in `each'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/journey/router.rb:30:in `serve'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/routing/route_set.rb:817:in `call'

  /var/canvas/gems/plugins/respondus_soap_endpoint/lib/respondus_soap_endpoint/middleware.rb:61:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/etag.rb:24:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/conditionalget.rb:25:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/head.rb:13:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/params_parser.rb:27:in `call'

  /var/canvas/app/middleware/request_throttle.rb:59:in `block in call'

  /var/canvas/app/middleware/request_throttle.rb:257:in `reserve_capacity'

  /var/canvas/app/middleware/request_throttle.rb:54:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/flash.rb:260:in `call'

  /var/canvas/app/middleware/request_context_session.rb:25:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:225:in `context'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:220:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/encrypted_cookie_store-instructure-1.1.12/lib/encrypted_cookie_store.rb:47:in `call'

  /var/canvas/app/middleware/sessions_timeout.rb:22:in `call'

  /var/canvas/app/middleware/load_account.rb:12:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/cookies.rb:560:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activerecord-4.2.7.1/lib/active_record/query_cache.rb:36:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activerecord-4.2.7.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:88:in `__run_callbacks__'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:778:in `_run_call_callbacks'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/activesupport-4.2.7.1/lib/active_support/callbacks.rb:81:in `run_callbacks'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/callbacks.rb:27:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/railties-4.2.7.1/lib/rails/rack/logger.rb:38:in `call_app'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/railties-4.2.7.1/lib/rails/rack/logger.rb:22:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/request_store-1.3.1/lib/request_store/middleware.rb:9:in `call'

  /var/canvas/app/middleware/request_context_generator.rb:49:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/methodoverride.rb:22:in `call'

  /var/canvas/app/middleware/prevent_non_multipart_parse.rb:32:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/runtime.rb:18:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/rack-1.6.4/lib/rack/sendfile.rb:113:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/railties-4.2.7.1/lib/rails/engine.rb:518:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/railties-4.2.7.1/lib/rails/application.rb:165:in `call'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/railties-4.2.7.1/lib/rails/railtie.rb:194:in `public_send'

  /var/canvas/vendor/bundle/ruby/2.2.0/gems/railties-4.2.7.1/lib/rails/railtie.rb:194:in `method_missing'

  /usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'

  /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:152:in `accept_and_process_next_request'

  /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:113:in `main_loop'

  /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'

  /usr/lib/ruby/vendor_ruby/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'

[- d2db3d86-6ddc-4d35-bb69-84dc4f699a01] Completed 401 Unauthorized in 4ms (Views: 0.1ms | ActiveRecord: 0.5ms)

[- d2db3d86-6ddc-4d35-bb69-84dc4f699a01] [STATSD] (total: 3.58) (view: 0.08) (db: 0.49) (sql_read: 1.00) (sql_write: 0.00) (sql_cache: 0.00) (active_record: 1.00) (cache_read: 1.00)

Seems like the the developer key that is being used does not even exist on my setup (self hosted). How do I make sure that a valid key is used?

Thanks,

Ahmed

[mal...@peergrade.io]

I know this is late responding to a thread with it's last updates 7 months and one and half years ago.

We had the same problem – the manually created access token was bound to the `developer_key` with ID = 2 – which had been "deleted" (`workflow_state = "deleted"`). We set it to `workflow_state = "active"` in the database, but after that we still had to delete the `developer_key/10000000000002` in the cache (Redis).

Then it worked.

Best,

Malthe