I am creating an LTI tool, but do not see the user_image parameter being passed from Desire2Learn/Brightspace.
How can I retrieve this?
Brightspace does not pass this optional parameter in LTI launches. You can, however, use the Brightspace APIs to retrieve the current, launching user's profile image. (One subtle point there, though: as retrieving a user's profile image requires an (authorized) API call, you can store the API call to retrieve it as a URL, however, you'll need to wrap it with auth tokens when calling it.)
D2L's reference topic on their Remote Plugin service contains an extended example showing how a simple tool provider can use the Brightspace APIs in conjunction with an LTI launch
Related
I am making a web application that will automate some actions on Google AdWords. The web application can be used by anyone that has an AdWords account.
I am a bit puzzled by the AdWords API, as it is a different from other Google APIs, in terms that it needs two additional config parameters: developerToken and clientCustomerId, a per their documentation:
https://developers.google.com/adwords/api/docs/guides/first-api-call
When constructing the AdWordsClient object, I need to provide the developerToken and clientCustomerId, in order to push data to AdWords.
My question is whether these two parameters (developerToken, clientCustomerId) need to be different for each user that will use my web application?
It seems that I am able to post data to different accounts with an unrelated developerToken, which does not make sense.
Can I get the clientCustomerId from an API endpoint, so I don't require my users to manually input tokens and ids to the web app, and do the complete authentication with oAuth?
My code is working, I am asking more of the philosophy why I need these two parameters, and if I can avoid asking the user to manually copy them from the AdWords dashboard into my application?
The developer token identifies a given Adwords API developer and is used for RMF enforcement, rate limiting and the like. As you mentioned, this is different from other Google APIs, which I think has to do with the fact that it's not a publicly available API. You always have to use the developer token that was given to you as part of your API sign-up process and are not allowed to use another developer's one (thus there's no possibility to have a user of your application enter it on their own).
The clientCustomerId parameter refers to the specific Google Ads account that you want to interact with. As a given user (identified by the OAuth2 access token that you include in your request) might have access to a whole lot of different accounts, this always needs to be included.
As for how to obtain a list of accessible account given a user's credentials, you can use the CustomerService.getCustomers endpoint for that purpose. Quoting the docs, it will "return details of all the customers directly accessible by the user authenticating the call."
I cannot find a good working sample that calls the Graph API and retrieves the user's contacts from within an Azure Function. Part of the issue is a lack of documentation and samples as this seems new-ish. Is this even possible? I am trying to create a function that can take a phone number and check against the user's contacts to see if the contact exists. So far, the only way I can achieve authentication is to use Postman to retrieve a token manually. That token didn't even work to retrieve the contacts. I know I am doing something wrong but I think what I really need is the big picture. I'm missing something. Thank you for your help.
The auth token binding may help at least with the act of getting the token. In this case, if it's on behalf of the user invoking the function, you'll want to use the identity: userFromRequest setup. Keep in mind that for debugging, you'd still have to acquire a user token for the app and attach that to calls to your function, but you can use the function app's /.auth/login/aad and /.auth/me endpoints for that.
Make sure that your application registration has the Contacts.Read permission. This is required for the contacts API.Today, the UX for App Service Authentication / Authorization today links to the existing permissions UX, which unfortunately uses different names for things. I'd recommend navigating directly to the AAD section of the portal and selecting App registrations (Preview). Find your app registration there (defaults to same as your app name), and browse through the API permissions there. That way the right names show up and will match the Graph docs.
I am creating an application which will be deployed on various sites and will upload videos from each site to YouTube periodically. I have already got videos uploading but ideally each site would have its own channel.
I had a search to see if anyone has encountered this issue (Don't reinvent the wheel, right?) but the only thing that I found was a couple of threads referencing the onBehalfOfContentOwner parameter detailed in the api here.
This isn't relevant to me as I'm not a content partner; at least I don't think I am. The Google API help documents then sent me here, so here I am.
I have created a YouTube brand account with, for the moment, two channels. Obviously, each one has their own channel id. So far I have tried the following:
Specifying the ChannelId when creating a Video Snippet, I couldn't see anywhere else to set it or an appropriate object to use. I tried with two different channel ids using the same OAuth credentials.
Creating two separate api projects with two unique OAuth credentials and then loading these credentials at runtime. I was only using one set of credentials throughout the lifetime of the app and then changed to the second credential set once I had tested that the upload was still working. The first credential set that I used prompted me to login and
subsequently select an account. The second set didn't prompt me at
all but the video was uploaded on the same account that I had
selected previously. I was logged out of YouTube and my browser was
closed in both instances; the browser does not store any details once it is closed.
I guess really my question is this. What is the best practice for specifying which channel you want to upload to? The application I'm using will be running automatically at set times, so I cannot have user interaction during the upload process. (Selecting an account during initial setup would be fine though!)
Any help is greatly appreciated. Thanks in advance.
EDIT:
I found that the API automatically uses an access token on the local machine if one is present in C:\Users{USERNAME}\AppData\Roaming\Google.Apis.Auth ; even if I am using a different OAuth credential in my application. Deleting the access token file will cause a login prompt to appear the next time you use the api from this machine.
For my application, this will be acceptable as when I deploy there is only the need for a one-time login and gain the access token which will then refresh every hour. It will also mean that I can choose which account/channel I am uploading to for each of our sites. Whilst I acknowledge the answer given by MαπμQμαπkγVπ.0, I do not believe that this is applicable here given that I am not a content partner as previously mentioned.
If someone can tell me how to do this through code instead of deleting the access token, that would of course be a preferred solution. (Or let me know that I am a content partner so I can try the onBehalf parameter)
I found that removing the OAuth token on the PC that my application is running on allows me to reselect the account/channel that I'm uploading to.
It appears that the authorised channel is determined using this token and once present it will automatically refresh every hour. Seeing as one PC will only ever upload to one channel for a given site, I think it is acceptable that I will have to go through a one time setup for each site to gain a token.
When you want to specify the channel you need to upload the video, i think you may need this parameter in your code:
onBehalfOfContentOwnerChannel- This parameter can only be used in a
properly authorized request. This parameter can only be used in a
properly authorized request. Note: This parameter is intended
exclusively for YouTube content partners.
The onBehalfOfContentOwnerChannel parameter specifies the YouTube
channel ID of the channel to which a video is being added. This
parameter is required when a request specifies a value for the
onBehalfOfContentOwner parameter, and it can only be used in conjunction with that parameter. In addition, the request must be
authorized using a CMS account that is linked to the content owner
that the onBehalfOfContentOwner parameter specifies. Finally, the
channel that the onBehalfOfContentOwnerChannel parameter value
specifies must be linked to the content owner that the
onBehalfOfContentOwner parameter specifies.
This parameter is intended for YouTube content partners that own and
manage many different YouTube channels. It allows content owners to
authenticate once and perform actions on behalf of the channel
specified in the parameter value, without having to provide
authentication credentials for each separate channel.
How do you make a request to Google to get a user's profile information with the returned tokens from Azure Mobile Apps? Specifically I am using the iOS Microsoft SDK in Objective-C.
I found this article but it looks to be referencing old information based on the date and the response that was returned.
I also tried calling /.auth/me as a GET request, but that returned Cannot GET /api/.auth/me
You need to make an HTTP request to /.auth/me, but without using the custom API support that's in the iOS SDK. In other words, use NSURLRequest directly, and not MSClient.invokeAPI. Your call needs to be authenticated, so put the token from client.currentUser.mobileServiceAuthenticationToken in the X-ZUMO-AUTH header.
We have an open feature request to add a method to the client SDKs to make this easier: https://github.com/Azure/azure-mobile-apps/issues/30.
And, you're right that your article was referencing information on Azure Mobile Services, which behaves completely differently when it comes to authentication.
One of our integrations uses the D2LWS UserManagementService to convert a username to userId. We receive the username, firstname and lastname of the student when they click through an LTI request, but we need the numeric userId for some of the other Valence API calls.
We would like to reduce our dependency on the D2LWS before they are retired, so we are wondering if there is an equivalent Valence API call that can be used to do this conversion?
There are many ways for a client application to fill out its understanding of an LMS user identity's properties. It is also noteworthy to remember that the D2LWS platform is essentially optimized for service-to-service level operational trust, while the newer Valence platform is optimized for user-to-service operational trust -- this means that all Valence calls must happen in the context of some real, authenticated LMS user account (in the sense that in order to make calls, the client application must first request to acquire a user ID/Key pair for an authenticated user).
If your client service will always be contacted or prompted by the LMS with an LTI launch, then you will have enough capacity from that launch to begin (please see this detailed topic on combining Valence calls with LTI around our Remote Plugin service). There should be a real LMS user that would have initiated that launch somehow, from a logged-in LMS session. Therefore, after the LTI launch, your service can turn right around and make a call to the LMS to request user tokens for the currently auth'd user and this user should almost certainly be the LTI-launching user.
Typically, for services that get contacted from an LTI launch and then want to use Valence, we recommend that you establish a user context immediately after the launch and make a whoami call: this can serve multiple purposes -- it can establish that you have a dependable set of user tokens you can use to make Valence calls on behalf of the launching user, and you can use the information retrieved in the WhoAmIUser data structure to assist in filling out the context of your user identity.
For your particular purposes, the WhoAmIUser data structure contains the first name, last name, unique name (user name), and LMS profile identifier for the launching user, as well as the LMS user identifier (Identifier) property that you can use in the context of other Valence calls should you need to. However, you should also strongly consider a shift to the user-to-service approach: when all the calls take place within the context of a particular user, you may discover that your best route is employing all the "my" routes to fill out the user experience you present to a user -- keep in mind that the user's credentials you employ with your Valence API calls restrict your access to functionality and data exactly as that user would be restricted in the course of his or her normal interactions with the LMS through its web UI.