Correct OAuth2 scope for creating new News items

Matthew.T.222
Matthew.T.222 Posts: 19 🌱
edited November 2022 in Development

I am trying to incorporate News item creation (endpoint reference link) into my web app and am running into permissions/OAuth2 scope problems.

 

The API reference does not mention specific scope requirements for POSTing to /news, and this knowledge base article seems to suggest any route without specific notes should be covered under the `core:*:*` scope.

 

Is this accurate and I'm actually running into other permissions issues? Or is there a currently undocumented OAuth2 scope for this endpoint that I should be using? I'm able to create a new News item directly in the LMS UI, and my role has full admin privileges.

 

Thanks!

Tagged:

Answers

  • Richard.M.314
    Richard.M.314 Posts: 14
    edited November 2022

    Hi Matthew,

     

    You are correct in that this route requires the core:*:* scope. You are probably running into a permission issue. There are a handful of permissions in the Announcements Tool that control if you can create past, present or future dated announcements.

     

    Are you getting a 400 response code?

  • Matthew.T.222
    Matthew.T.222 Posts: 19 🌱
    edited November 2022

    Hi Richard,

     

    I'm getting a 403 response code which made me think it had to do with the OAuth scope/permissions. For testing endpoints methods, I've been using a test course that I'm enrolled in with the "All Access Role" in my org, and creating draft/published news items works on the frontend. I can't pinpoint where I might be able to check/change permissions for the Announcements Tool (would this be org-wide or course specific?)

     

    For debugging, here's some additional info and screenshots. Please let me know if there's anything that might be helpful, and thanks in advance for your help!

     

    OAuth2 scope: `content:*:* core:*:* news:*:* discussions:*:* quizzing:*:*`

     

    Postman testing News endpoint with 403 response:

    Screen Shot 2020-10-06 at 11.21.56 AM

     

    Postman testing similar Quizzing endpoint, with a 200 success:

    Screen Shot 2020-10-06 at 11.33.54 AM

  • Richard.M.314
    Richard.M.314 Posts: 14
    edited November 2022

    Hi Matthew,

     

    There's a note in the docs that indicate a new permission was added in version LE = 1.42 and above. This is the "Change Display Author Information Setting" permission in the announcements tool. Since it was added recently, your role may not have this permission. To check, just make the api call at version 1.41. All you need is See Announcements and Add/Edit/Delete announcement permissions for this call.

     

    You might also run into an small issue with a null start date. I don't believe this is allowed.

     

    -Richard

  • Matthew.T.222
    Matthew.T.222 Posts: 19 🌱
    edited November 2022

    Thanks Richard! You're right on both counts: my role must not include the new permission (making the API at v1.41 works) and the StartDate needs a value (`null` results in a 400 error).

     

    I was also able to locate the new "Change Display Author Information Setting" permission as well (Settings > Security > Roles and Permissions) and add it to my role. After making this change, I was able to get a successful 200 response using the API v1.46!

  • Eden.Thompson9432
    Eden.Thompson9432 Posts: 3 🌱
    edited November 2022

    I like to make friends here

  • Eden.Thompson9432
    Eden.Thompson9432 Posts: 3 🌱
    edited November 2022
  • Eden.Thompson9432
    Eden.Thompson9432 Posts: 3 🌱
    edited November 2022

    🥰🤲