What is the preferred method for obtaining the user ID used in the following Valence Grades API?
PUT /d2l/api/le/(D2LVERSION: version)/(D2LID: orgUnitId)/grades/(D2LID: gradeObjectId)/values/(D2LID: userId)
Is the user id here the same as the token ID received during authentication, or do you call the "whoami" API, or is it something else?
The "whoami" call provides data on the current UserContext you are working in (the token value you get back during the auth step). For example, if you are logged in as an Administrator, that would provide back the Administrator's userId.
WhoAmI API Call
GET /d2l/api/lp/(D2LVERSION: version)/users/whoami
This will give you the information on the current UserContext
{
"Identifier": "<string:D2LID>",
"FirstName": "<string>",
"LastName": "<string>",
"UniqueName": "<string>",
"ProfileIdentifier": "<string:D2LID>"
}
If you are looking for the UserIds for the users in a particular orgUnit, I would make the following call:
Classlist API Call
GET /d2l/api/le/(D2LVERSION: version)/(D2LID: orgUnitId)/classlist/
This will give you an array of ClasslistUsers
{
"Identifier": "<string:D2LID>",
"ProfileIdentifier": "<string:D2LID>",
"DisplayName": "<string>",
"UserName": "<string>|null",
"OrgDefinedId": "<string>|null",
"Email": "<string>|null"
}
The "Identifier" value in either case is the one you will want to use for (D2LID:UserId)
Related
I am using a vanilla configuration of the firebase Auth SDK. It is currently asking for all of these scopes.
I do not need profile picture or name, and would love to remove them. Is it possible?
Simple answer is No name, and picture permissions are granted to your application when you request the profile scope as part of signin.
explanation
Assuming you are following the example found here. If you check the lines called addScopes.
provider.addScope('profile');
provider.addScope('email');
This is where you define what permissions your applicating needs. The email and profile scopes are part of Google sign in (Open Id Connect) The profile scope give you access to some basic profile information about the user. Part of basic profile information is their picture.
These two claims are actually returned by the user info endpoint. This is the response from the userinfo endpoint when I authorized only with the profile scope.
{
"family_name": "Lawton",
"name": "Linda Lawton",
"picture": "https://lh3.googleusercontent.com/a-/AOh14GhroCYJp2P9xeYeYk1npchBPK-zbtTxzNQo0WAHI20=s96-c",
"locale": "en",
"given_name": "Linda",
"id": "1172004755376"
}
This is all default, so its not something you can change.
full example
// Using a redirect.
firebase.auth().getRedirectResult().then(function(result) {
if (result.credential) {
// This gives you the OAuth Access Token for that provider.
var token = result.credential.accessToken;
}
var user = result.user;
});
// Start a sign in process for an unauthenticated user.
var provider = new firebase.auth.OAuthProvider('google.com');
provider.addScope('profile');
provider.addScope('email');
firebase.auth().signInWithRedirect(provider);
I have a Rails API with minimal authentication - just a simple bearer token hooked up to Auth0.
I have one endpoint which looks like this:-
mysite.com/api/users/1/calendar.ics
The URL is unauthenticated, to allow people to subscribe to their calendars.
I'm basically trying to hide the id, and change it to a SecureRandom hex or something, so that other users can't just change the id and see other individuals' calendars.
How would I achieve this?
My front end would need some way of knowing what the encrypted string was - and since we only have bearer token auth, I'm not sure if it's secure enough to just pass the calendar URL into authenticated requests to users/1, for example:-
{
"id": 1,
"name": "John Smith",
"email": "email#email.com",
"intro": "string",
"calendar_url": "mysite.com/api/users/jUhGtDhajaluyt34/calendar.ics"
"created_at": "2021-05-13T16:15:09.748Z",
"updated_at": "2021-05-13T16:15:09.748Z"
}
Is delivery of the URL like this even a valid concern?
I'm using the twitter4j API and I want to see if, given the ID of a user's account, if that account has been deactivated.
You need to use users/show. It will give you an error code if the user has been suspended.
For example
https://api.twitter.com/1.1/users/show.json?screen_name=nero
Returns
{
"errors": [
{
"code": 63,
"message": "User has been suspended."
}
]
}
If you only have the ID, you can make a similar call - https://api.twitter.com/1.1/users/show.json?user_id=.....
With Twitter4J you use showUser and pass it either the string of the username, or the int of the user ID.
As far as I know there is no dedicated method to do this but using users/lookup (in your case this method) with the user ids you are getting back the the active users only. So if some id is missing from the response those users are the suspended ones.
Does any one know how to retrive D.O.B through Google OAuth api? I am able to get other information like name, email, gender by setting the scope as https://www.googleapis.com/auth/userinfo.profile. But I am not able to get D.O.B with this scope.
I definitely get it for my account:
{
"id": "108635752367054807758",
"name": "Nicolas Garnier",
"given_name": "Nicolas",
"family_name": "Garnier",
"link": "https://plus.google.com/108635752367054807758",
"picture": "https://lh4.googleusercontent.com/-K1xGP8W20xk/AAAAAAAAAAI/AAAAAAAABhY/Cs_4qr30MxI/photo.jpg",
"gender": "male",
"birthday": "0000-08-25",
"locale": "en"
}
all I did is authorize for the https://www.googleapis.com/auth/userinfo.profile scope and then sent a GET request to https://www.googleapis.com/oauth2/v2/userinfo
First make sure that the Google+ account that you are testing with has set a Birthday (of course), then try the request on the OAuth 2.0 Playground for instance: https://code.google.com/oauthplayground/#step1&apisSelect=https%3A//www.googleapis.com/auth/userinfo.profile&url=https%3A//www.googleapis.com/oauth2/v2/userinfo
It seems you have to send 2 requests:
https://www.googleapis.com/plus/v1/people/me (oauth v1)
https://www.googleapis.com/oauth2/v2/userinfo (oauth v2)
to get both google plus profile data and google account data (there are date of birthday and also locale if you need it)
I use scribes and it works ok. Set two scopes ("https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/plus.me") and send two requests for both REST links
Is there a REST Api available for D2L which can be used to make a course inactive?
If it is an existing course, you can use the PUT method to Update a current course offering and set IsActive to false.
PUT /d2l/api/lp/(D2LVERSION: version)/courses/(D2LID: orgUnitId)
It expects the following JSON object:
{
"Name": "<string>",
"Code": "<string>",
"StartDate": "<string:UTCDateTime>|null",
"EndDate": "<string:UTCDateTime>|null",
"IsActive": "<boolean>"
}
You will likely want to retrieve the course offering information first, and then modify the IsActive flag and send back the full object data.
GET /d2l/api/lp/(D2LVERSION: version)/courses/(D2LID: orgUnitId)