core:*:* scope
Hi everyone,
I had a quick question.
One of our partners who handles our student advising for one of our programs has requested access to OAuth2.0. They gave us the scope and API calls they were requesting access to. The dropbox/assignment APIs don't have their own scope as most of the tools do, so they're just included in core:*:*.
Is there anything that provides write access under core:*:*? That is our primary concern. We have no issue providing them read access to any of the student data they're advising or anything else they would see if they used one of their logins, but don't want to grant them write access.
The API documentation provides a list of all of the scopes and the API calls they include except the core:*:* scope.
Thank you!
Answers
-
I believe the core:*:* scope includes all read/write permissions.
Note
Not all of the Learning Framework API action yet have specific scopes defined for them. All these actions without specific scopes defined can be used with a single, “legacy” scope (core:*:*), so if your application uses any such actions, you should register to use that scope and declare it when requesting access tokens.
-
A good place to ask this question is here:
This is specifically for our developer community.
