By: Elaine Jones, Product Manager
D2L is aware that a small number of API scopes do not adhere to our current implementation approach. When created, API scopes are configured in a way that allows access to either read or manage data. However, where a single scope covers both read and manage data, we will be making changes to separate these scopes. This ensures consistency and clarity when deciding upon which scopes are right for the application you are registering.
The following scopes have been identified as ones that are named in a way that suggests they only allow for reading data; however, these scopes apply to read and manage data. Please note that Brightspace permissions still gate the ability to manage data, regardless of how the scopes below are utilized in registering an application:
- content:modules:read
- content:topics:read
- discussions:forums:read
- discussions:posts:read
- discussions:topics:read
Documentation regarding these scopes and the routes they are used against can be found in the authentication scopes table in our Developer Platform.
We recognize the need to ensure consistency in how our scopes are named, and so we will be making changes in the April 2023/20.23.04 release to add more granular scopes to the associated API routes. Any newly registered application should use these new scopes moving forward - these will be documented in the Developer Platform as of the April 2023/20.23.04 release. There will be no changes to the current read scopes and the API routes they work against at this time. Any future deprecation plans will be announced in a future release as a high impacting change.
We ask that administrators:
- Review any apps that you have registered to see if they use any of the scopes listed above, in order to decide if you wish to move to using the new scopes. In the case of third-party applications, the owner of the application may need to be consulted to determine the scopes in use.
- No change to the registered scopes is required at this time.
- We would advise reviewing any Brightspace permissions for accounts using the applications to ensure they are being provided the correct permissions.
- If you wish to utilize the new scopes for your app, then you would need to:
  - Have the application owner make changes to the registered scopes in Manage Extensibility.
  - The new scopes will need to be requested by the tool when an access token request occurs.
  - The tool will need to verify that the access token it gets back has the new scopes before attempting to make a call to manage data; otherwise, an “insufficient scope” error will be returned.
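The review and verification steps above can be scripted. The following is an added example, not D2L code: it assumes registered scopes are held as space-delimited strings and that the token endpoint returns a standard OAuth 2.0 JSON response. The function names are hypothetical, and `NEW_SCOPE` is a placeholder for a scope name taken from the Developer Platform.

```python
"""Added example: scope checks for the steps above. Constructed data throughout."""

# The five read-named scopes listed in the announcement.
AFFECTED_READ_SCOPES = frozenset({
    "content:modules:read",
    "content:topics:read",
    "discussions:forums:read",
    "discussions:posts:read",
    "discussions:topics:read",
})
# PLACEHOLDER: the real new scope names are published on the Developer Platform.
NEW_SCOPE = "content:modules:PLACEHOLDER_NEW_SCOPE"


class InsufficientScope(Exception):
    """Raised locally, before any manage call is sent."""


def audit_registered_apps(apps):
    """Return {app name: affected read scopes it registers} for review."""
    report = {}
    for name, scope_string in apps.items():
        hits = AFFECTED_READ_SCOPES & set(scope_string.split())
        if hits:
            report[name] = sorted(hits)
    return report


def granted_scopes(token_response, requested):
    """Scopes granted by an OAuth 2.0 token response (RFC 6749, section 5.1).

    `scope` is a space-delimited string; if the server omits it, the grant
    is identical to what the client requested.
    """
    raw = token_response.get("scope")
    return set(requested) if raw is None else set(raw.split())


def require_scopes(token_response, requested, needed):
    """Return the granted set, or raise if a needed scope was not granted."""
    granted = granted_scopes(token_response, requested)
    missing = set(needed) - granted
    if missing:
        raise InsufficientScope("token lacks: " + " ".join(sorted(missing)))
    return granted


if __name__ == "__main__":
    apps = {"lti-tool": "content:modules:read " + NEW_SCOPE}  # constructed
    print(audit_registered_apps(apps))
```

Calling `require_scopes` immediately after the token request lets the tool fail locally with a clear message instead of discovering the gap from an “insufficient scope” response on a manage call.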
If you have any concerns regarding the above, please contact your Technical Account Manager. As of the April 2023/20.23.04 release we can also assist with making immediate changes to deprecate the existing read scopes if required.