Bypass redirect when doing OAUTH2 login

I have an application that authenticates to D2L using OAUTH2. Our D2L instance is configured to redirect to a single-sign-on page that authenticates against Active Directory. The account my application uses is local to D2L, though; it does not exist in Active Directory.

If I do an interactive login I can access this account by adding "noRedirect=1" to the login URL (https://xxx.desire2learn.com/d2l/login?noRedirect=1), but I don't see any equivalent option for the OAUTH2 login string. When I tried to do the OAUTH2 login it gets redirected to the SSO page, which does not let me access the local account.

Is there any way to configure a "noRedirect" option for OAUTH2?

Answers

  • Hello Malcolm,

    Thank you for contacting us through the Brightspace community!

    We do not support using any OAuth2 workflow other than the auth code grant workflow for third-party clients.

    This requires a third-party user driving a web browser to log in to Brightspace.

    This is because we require all access tokens (and API calls) for third parties to be associated with an identified Brightspace user (because it’s that user’s enrollment role in the context that largely determines what the API caller can and can’t do with API calls).

    Thanks,

    Ivan

  • Malcolm.D.216
    Posts: 1 🌱

    Thanks for your response Ivan. I think maybe my question wasn't clear enough. I intend to get OAUTH2 credentials for an identified Brightspace user through this process. However this user will be a specialized Brightspace user set up to work with my application as opposed to being a student or teacher. The reason for using this approach is because the app needs to perform some API calls that we don't want to make available to all users.

    Our system is set up to redirect to Microsoft ADFS to verify users, but that only works for accounts associated with a student or teacher. If the redirect to ADFS was not in place, my app would display a window where the Brightspace credentials for this user would be entered, but because of the redirect it tries to display the institutional login screen. For an interactive login to D2L there is the "noRedirect=1" option that can be added to the URL to cause D2L to authenticate against its internal user data rather than redirecting to an institutional login. I was hoping for an equivalent feature that could be used with an OAUTH2 login.

  • Arald.d.320
    Posts: 15 🌱

    We are looking for a similar solution. For our API integrations we use local accounts, and so we want to use the local login instead of the SSO route. I believe this workflow should be supported. Now when using a tool like Postman you have to trick things and dive into consoles to go to the local login page. These kinds of tricks should not be necessary.