OAuth2 token (2019-07-09)
Original Post: Alexandra Neubert, Moderator, July 9, 2019 at 3:07 PM
The REST API uses OAuth2 that we are not sure how we can get the token.
It seems that the documentation (Panopto/oauth2/.well-known/openid-configuration) may have the answer, but we can't still tell how to create/get a token.
Can you let us know how to get this info?
Kevin Baum, Moderator, July 16, 2019 at 2:54 PM
We have two articles regarding how to get and use the OAuth2 access tokens.
Here is an article on creating and managing API Clients in Panopto:
Here is an article on how to get and use the OAuth2 access tokens with the REST API:
Please let me know if you have any questions. Thanks,
Kevin Baum, Moderator, July 16, 2019 at 2:56 PM
I apologize, it looks like the links didn't post properly. Here are the links again:
Creating and managing API Clients in Panopto
Getting and using OAuth2 access tokens:
Again, please let me know if you have any questions. Thanks,
Alexandra Neubert, Moderator, July 18, 2019 at 3:37 PM
@ Kevin Baum
- What does the YourClientAPIKey refer to? Just the Client Id? Or the Base64 encoded value of ClientId:ClientSecret?
- What am I supposed to put for the YourClientRedirectURL and GeneratedNonceValue?
- Can I simply put the link above in a web browser and it returns an access token?
Hoping we can get a response soon as this is a time-sensitive project.
Kevin Baum, Moderator, July 18, 2019 at 5:12 PM
Thank you for the follow up questions.
- is just the Client Id for the API client that you created in the UI. The Base64 encoded credentials are only needed when exchanging an authorization code for an access token, or when exchanging a refresh token for a new access token.
- is the URL to your application where the access token would be received. Once the user has successfully signed into Panopto, and the access token or authorization code has been generated, they would be redirected to this URL, with the access token or authorization code added. This should be linked to your application. is a random string generated by your application. It should be sent with the authorization request, and will also be sent back when the user is authorized. This is to allow your application to validate the access token is coming from your specific authorization request.
- No, the link in the documentation does not directly return an access token. Users should be redirected to this link (with the parameters filled in) in order to sign into Panopto to get an access token. After the user has been successfully signed in, they will be redirected back to your application (using the ClientRedirectURL). At this point, depending on the client type, you would also receive either an access token or an authorization code.
Please let me know if you have any other questions.