What are the possible values for scope in Canvas LMS? - canvas-lms

I have to pass scope in oauth2 flow in Canvas LMS but I don't know what are the possible values to pass.
I didn't see a complete list anywhere. This is the URL but I don't know what to pass in scope. Any help?
http:///login/oauth2/auth?client_id=10000001&response_type=code&redirect_uri=https://my-test-url//home/oauth2response&state=30330943-16da-4371-865f-5512b6ec671f&&scope=value_1 value_2 value_n

The scope you can use depends on the endpoint you are using, as stated in the documentation:
[...] Canvas API scopes may be found beneath their corresponding endpoints in the "resources" documentation pages. [...]
As an example, for creating an assignment, the scopes which are defined are:
url:POST|/api/v1/courses/:course_id/assignments
Depending on the developer keys you are using, it might be possible that you don't need a scope parameter during the authentication process.
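An added example (not part of the original answer or of Canvas's own code) showing how endpoint scopes of the form quoted above are joined with spaces and percent-encoded into the authorization URL, with a random `state` checked on the callback. The host `canvas.example.edu`, the function names, and the scope pattern (inferred from the single scope shown above) are assumptions.

```python
import hmac
import re
import secrets
from urllib.parse import quote, urlencode, urlsplit

# Assumed shape of a Canvas endpoint scope, inferred from the answer's example:
#   url:<HTTP METHOD>|<API path>
SCOPE_RE = re.compile(r"url:(GET|POST|PUT|PATCH|DELETE)\|/api/[\w/:.\-]+")


def build_authorize_url(base_url, client_id, redirect_uri, scopes):
    """Return (authorize_url, state) for the Canvas OAuth2 code flow."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("authorization endpoint must be reached over https")
    bad = [s for s in scopes if not SCOPE_RE.fullmatch(s)]
    if bad:
        raise ValueError(f"not endpoint scopes: {bad}")

    # Unguessable per-request value; store it in the user's session.
    state = secrets.token_urlsafe(32)
    query = urlencode(
        {
            "client_id": client_id,
            "response_type": "code",
            "redirect_uri": redirect_uri,
            "state": state,
            # Request only the endpoints the integration calls,
            # as one space-separated string.
            "scope": " ".join(scopes),
        },
        quote_via=quote,  # space -> %20, "|" -> %7C, ":" -> %3A
    )
    return f"{base_url.rstrip('/')}/login/oauth2/auth?{query}", state


def state_matches(expected, returned):
    """Constant-time check of the state echoed back to redirect_uri."""
    return hmac.compare_digest(expected.encode(), (returned or "").encode())


if __name__ == "__main__":
    url, state = build_authorize_url(
        "https://canvas.example.edu",  # hypothetical Canvas host
        "10000001",
        "https://my-test-url/home/oauth2response",
        ["url:POST|/api/v1/courses/:course_id/assignments"],
    )
    print(url)
```
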

Related

Google Drive API Key which is read only

Our server is customer deployed and uses a Google Drive API key to obtain a tutorial file
listing via
https://www.googleapis.com/drive/v3/files?q=%27FILE_ID%27+in+parents+and+trashed=false&maxResults=1000&key=API_KEY&fields=files(name,webViewLink,id,kind,mimeType)
and file contents via
https://www.googleapis.com/drive/v3/files/FILE_ID/export&key=API_KEY
It is unclear how we can set that API key to be read only though.
I do not see anything on these pages for example,
https://developers.google.com/drive/api/guides/about-auth
https://cloud.google.com/docs/authentication/api-keys
The restrictions you can set to an API key can be found here, so it is not possible to do it this way. Now, the way to achieve what you are trying to do would be by setting up the project with the correct OAuth scopes and using read only scopes, but that can limit your implementation as sometimes the API needs more scopes.
For example, if you were trying to list users using the Directory API, you can see the list of scopes needed here. If you check the list you will see that there is a read only scope listed there.
So, in your project you could just use this specific scope for your implementation, but again some actions require more than just this scope to work, so you could be limited by that as well depending on what your implementation is doing.
Same example for the Drive API in your case. The list of scopes for the Files: list method are here, and you also have read only scopes as you can see in the image below.

What user data does the Google OAuth2 scope script.external_request give access to?

I'm attempting the verification process for an Apps Script web app that uses the URL Fetch service via class URLFetchApp. Per URLFetchApp documentation, this requires the scope https://www.googleapis.com/auth/script.external_request. I can't find any Google documentation for this scope, and it doesn't appear on this list of OAuth2 scopes. I'm having a hard time demonstrating how my app uses the data provided by the scope when I don't actually know what user data the scope provides. I mean, I don't think I'm using any user data... I'm just calling API executable functions from another Google Apps Script project.
What user data is this scope giving me access to? Or do I just need to explain why/how I'm using URLFetchApp?
If you head over the editor dashboard of your script, you will see further information about this scope stating:
Connect to an external service under project OAuth scopes.
Moreover, when you run your script for the first time, the permissions it is asking for are:
Create a network connection to any external service (e.g., to read or write data)
Therefore, despite not having much more description in the documentation (just in UrlFetchApp), I don't think you are using any user data apart from getting the user to use your script and connect to an external service.
I hope this has helped you. Let me know if you need anything else or if you did not understand something. :)
According to the documentation, if you wish to use UrlFetchApp Service then external_request is the scope you'll have to add to your manifest. Like it or not.
UrlFetch Service

Zabbix: expand macros in the name of the trigger, when retrieving events

I use event.get to retrieve events, and provide selectRelatedObject parameter to get what in my case is the corresponding triggers. The description for that trigger may contain macros, which arrive in non-expanded form. I haven't found any additional parameter I can provide to event.get to get these macros expanded.
Yes, I can call trigger.get with expandDescription on that particular trigger, but this will require sending additional request to Zabbix server.
So the question is: is it possible to get events with macros expanded for the corresponding triggers, with a single request? Thanks.
Unfortunately, that is not possible currently. A closely related feature request is https://support.zabbix.com/browse/ZBXNEXT-2768 - it is not completely clear whether it would result in a different value expansion support, or name expansion support for event.get.

Google API PHP Client - Choosing the right Scopes

From the Google documentation, there is an example that references a variable named $scopes:
$scopes = array('https://www.googleapis.com/auth/sqlservice.admin');
This is for sqlservice. I want to use a different scope. How do I choose the right scope? And how do I know it's the right service for what I want? Is there a list of scopes somewhere that match up to which URL's to use?
That line of code returns an array, even though there is no sqlservice.admin file in the auth folder.
I need to use the drive service.
I'm assuming that I should change that line to:
$scopes = array('https://www.googleapis.com/src/drive.php');
But how that integrates into the bigger picture, I don't understand. Do I also need to call OAuth2.php at some point?
I just realized that the array is pointing towards a https://www.googleapis.com/src/ web address and not a file. And I was looking at the OAuth 2.0 Playground, and there is a list of all the scopes.
And I just noticed that if I hover over an item in the list, a help context balloon appears.
So, I guess I can get a list of scopes and descriptions of the scopes from there, although I'd still like to know if there is an official list somewhere other than on the OAuth2 playground.
Each scope is a URN. They also seem to be URL's, but I don't think that's significant. For your app, it's just a string (or list/array of strings - you can specify more than one) that you need to spell correctly. Each Google service supports a range of scopes, each of which grants different permissions. Generally, somewhere within the documentation pages for each service, you'll find a single page that defines the available scopes. In the case of the Drive service, the scopes are defined at https://developers.google.com/drive/web/scopes

List ignores drive.file scope and shows shared files not created by the calling app

Our application uses the drive.file scope to make sure we only can see files of our users that have been created by our application.
However, a 'list' call returns files that have been shared with the user even though they are not created by our application.
That can be easily verified in the "Try it!" section of files/list API documentation.
Authorize with drive.file scope and run a simple list query without any parameters. That should return an empty list but in my case returns dozens of files that have been shared with me.
There was the same issue before (a slight variation only affecting queries with q parameter set): Listing files with search query returns out-of-scope results (drive.files.list call, using drive.files scope)
It has been fixed in the meantime but now it seems to be back for all list queries. It's problematic not mainly because it breaks our app that expects nothing but its own files. There is the privacy problem because I can suddenly see the file names of our users' private data, which they have never agreed to.
I believe this issue is due to the behavior of API Explorer, not Drive API itself. If API Explorer already has a token with OAuth scopes capable of making the call, it will use that, so if you previously gave API Explorer a scope that can see all user files, you'll get them all back. Try revoking ALL Explorer tokens for your account at:
https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en
then, after clearing all cookies/sessions for developers.google.com, try creating a new token with only the drive.file scope and attempt your API call again.
You should also note that files that are publicly shared will be returned.
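An added example (not from the original answer) of checking which scopes a token actually carries before blaming the API: it compares the space-separated `scope` field of a token-info response (such as the JSON returned by `https://oauth2.googleapis.com/tokeninfo?access_token=...`) against the scopes the app expects. The sample response and the function name are constructed for illustration.

```python
AUTH = "https://www.googleapis.com/auth/"

# Drive scopes that let files.list return files the app did not create.
BROAD_DRIVE_SCOPES = {
    AUTH + "drive",
    AUTH + "drive.readonly",
    AUTH + "drive.metadata",
    AUTH + "drive.metadata.readonly",
}


def audit_token_scopes(tokeninfo, expected):
    """Compare the scopes granted to a token with the scopes the app expects."""
    granted = set(tokeninfo.get("scope", "").split())
    extra = granted - set(expected)
    return {
        "missing": sorted(set(expected) - granted),
        "extra": sorted(extra),
        # Extra scopes that would explain seeing other apps' or shared files.
        "explains_foreign_files": sorted(extra & BROAD_DRIVE_SCOPES),
    }


# Constructed sample: a token reused from an earlier, broader authorization.
SAMPLE_TOKENINFO = {
    "azp": "constructed-client-id.apps.googleusercontent.com",
    "scope": AUTH + "drive.file " + AUTH + "drive.readonly",
    "expires_in": "3200",
}

if __name__ == "__main__":
    report = audit_token_scopes(SAMPLE_TOKENINFO, {AUTH + "drive.file"})
    for key, values in report.items():
        print(key, values)
```
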