OAuth2 Flow with Server-side Web Application and Blackboard SSO
Hi,
I am developing a command-line (PowerShell) application to test the Panopto API from a development machine. I am trying to understand which API client to use. I have set up a Server-side Web Application API client, but I have not been able to successfully obtain an OAuth2 token. The last error that I got was re: HTTP 400 / Bad Request.
Our institution uses Blackboard to authenticate users, but as this test application does not use user credentials, I was not sure whether I needed to provide the UserKey, as described in section 2.1c of the support article "How to Get OAuth2 Access Tokens For Services" (https://support.panopto.com/s/article/oauth2-for-services#hTargetInstance1).
Which API client should I use for a command-line application in a development environment? Do I need to provide for Blackboard authentication with a Server-side Web Application?
Thank you.
Best Answer
Whit Ashley Tyro
I successfully ran the Python API examples, which contain all the necessary code for the OAuth2 flow. The issue that I was having with PowerShell was likely related to token handling and not related to Blackboard or the Identity Provider.
@Gareth Walker Thank you for the help!
Answers
Pending a better answer from Panopto themselves I can briefly share my experience.
For a command-line type tool there are two options I've had some success with: the server-side web application and the user-based server application.
For the server side, the theory is that if you pass in the necessary API credentials the first time you run then you'll be asked to log in to Panopto online. That should then generate a token you can store and should subsequently refresh when needed, without you needing to log in online each time you access.
For the user-based method, as well as the API credentials you also have the username and password as part of your application. This avoids the need to sign on online with Panopto the first time you run, and may sidestep things like making sure you refresh tokens etc. -- but it's not considered best practice for OAuth. (I'm not entirely sure how this approach would work with SSO via Blackboard -- I've only ever used it by setting up a user as an internal Panopto account.)
The Panopto Python examples (linked below) give practical examples and instructions for trying out each of the authorisation methods -- look in each of the folders for a specific readme and instructions.
If you search this forum for 'Postman' you should also find some threads for getting the REST API working that way, using the Server Side approach.
As usual, I'll also shout out Harvard's CLI for Panopto --- it hasn't been updated for a while, but nor has the Panopto API really; and in my experience it remains the simplest way of getting to grips with the SOAP API, which continues to have more functionality than the REST API.
https://github.com/harvard-dce/panopto-cli
Thank you for the suggestions. I will investigate those options as workarounds. It is not clear to me whether I should be targeting Panopto or Blackboard for the OAuth2 token. I see some other endpoints on the Identity Providers page that I have not yet seen referenced in the documentation; at least, not related to this specific workflow.
I recognize that I may need to change the type of API client that I am using, but I still have a question about whether a token can be obtained from Blackboard with a server-side web application client. For example, is Instance Name still the correct value to use from the Identity Providers page, or could it be one of the other endpoints, e.g., LTI 1.3 Token URL?