instructure / canvas-lms

The open LMS by Instructure, Inc.
https://github.com/instructure/canvas-lms/wiki
GNU Affero General Public License v3.0

API doesn't work (Invalid access token) #1324

Closed huangdengpan closed 6 years ago

huangdengpan commented 6 years ago

Summary:

I am trying to get courses through API on my new canvas server, like this:

https://lms.com/api/v1/courses?access_token=<token>

But it shows the error:

{"errors":[{"message":"Invalid access token."}]}

I am sure the access_token is usable; I get it from my settings page.

It works on my other Canvas server:

https://lms.famousedu.com/api/v1/courses?access_token=<token>

So, I am not sure: are there any settings that need to change?

huangdengpan commented 6 years ago

I installed it on my local network yesterday; maybe there are some problems with this version?

sdb1228 commented 6 years ago

Hey @huangdengpan, can you give us more information about how you are hitting this URL? Are you using Postman or trying to access it through the browser?

huangdengpan commented 6 years ago

Dear Mr. Burnett,

Here is the API address: http://202.121.178.226:880/api/v1/courses?access_token=nwWgNpGyKZZevEv3uMXvtMDLZejBXpO79yhAjxTqaqD1ldF5Oajqtq6DhZYVe8DM

I’m sure the access_token is correct. If I use OAuth to create an access_token, the access_token is working.


sdb1228 commented 6 years ago

Hey @huangdengpan, is the access token you are using here http://202.121.178.226:880/api/v1/courses?access_token=nwWgNpGyKZZevEv3uMXvtMDLZejBXpO79yhAjxTqaqD1ldF5Oajqtq6DhZYVe8DM created on a user's account or created via OAuth? Tokens generated through OAuth have a pretty short expiration time period (I think by default it's 30 minutes? Could be wrong here). You should be able to go to /profile/settings and see all your access tokens that are in use to see if it has expired.

huangdengpan commented 6 years ago

I used a student's account and created the access_token from the settings page. There's no time limit for expiration.


sdb1228 commented 6 years ago

Hmmm, dangit! I thought for sure that was it. I would open up a rails console and look at that access token to ensure its accuracy. If other access tokens on your account are working and this one isn't, the only things I can think of are that it's 1. expired or 2. inaccurate. If you can reproduce this behavior with another access token, let me know! For now though I am going to close this out until we have more reproduction steps.

huangdengpan commented 6 years ago

I already tested the access_token feature on 4 Canvas systems; the old version from before the 5th of May is working, but the newer version is not working. All the access_tokens I get through OAuth are working. And I am sure the custom access_token is the same as the "Access Token Details" page shows.

sdb1228 commented 6 years ago

Have you tried with any other user? Are all users' access tokens broken? I just tried on release/2018-08-04.07 as well as release/2018-07-14.24. I just checked out a fresh master as well and was unable to reproduce :(. Is there any other information you can give us about this? Any other reproduction steps?

sdb1228 commented 6 years ago

I would also ensure all your migrations have run successfully. db/migrate/20180522203135_backfill_dev_key_account_bindings_for_deleted_keys_migration.rb was added around that time and would need to have finished successfully.

mcfilib commented 5 years ago

i know this isn't much help from a reproduction steps perspective but this is something i've bumped my head up against this morning with a canvas instance i deployed at the end of october last year.

mcfilib commented 5 years ago

upgrading to the latest stable branch fixed it for me.

schrink commented 4 years ago

I have exactly the same issue. All of the keys stopped working all of a sudden. The API worked normally for years and I updated to the latest stable a few days ago. And it worked well until a few hours ago. I haven't changed anything. How is this possible? Do you have any idea what it might be?

nhmduc commented 4 years ago

> I have exactly the same issue. All of the keys stopped working all of a sudden. The API worked normally for years and I updated to the latest stable a few days ago. And it worked well until a few hours ago. I haven't changed anything. How is this possible? Do you have any idea what it might be?

I have the same issue today! :(

vmiheer commented 3 years ago

I got the same issue today.

ralphotowo commented 2 years ago

Was anyone able to fix this? We just upgraded today and we have the same issue.

Ardena commented 2 years ago

If you look at the token in the rails console, does it show an "expires_at" timestamp in the past? Currently when I create a token in the UI, it shows "expires at" as blank, but still adds an expires_at into the token on creation. If you remove the expires_at on the token, it should fix the issue for that token.

If your tokens are showing the expires_at field with a date in them, you probably have a "User-Generated" DeveloperKey with auto_expire_tokens set to true. This commit prevents that from happening in the future, https://github.com/instructure/canvas-lms/commit/8ac2663d577c8dea7822c320f730354b41de0269, but for anyone seeing the above issue, you'll need to change the field to false.
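The check described in the comment above, as an added example that is not part of the original thread and is not Canvas code: it classifies token rows by `expires_at` and flags a "User-Generated" key that has `auto_expire_tokens` set. The rows are constructed stand-ins for what a Rails console would show; `id`, `name`, `developer_key_id` and the function names are assumptions.

```ruby
# Constructed sample rows. Only expires_at and auto_expire_tokens come from
# the thread; the other field names are assumptions made for this example.
KEYS = [
  { id: 1, name: "User-Generated", auto_expire_tokens: true },
  { id: 2, name: "Some OAuth app", auto_expire_tokens: true }
].freeze

TOKENS = [
  { id: 10, developer_key_id: 1, expires_at: Time.utc(2022, 1, 5, 9, 0) },
  { id: 11, developer_key_id: 1, expires_at: Time.utc(2022, 1, 6, 13, 0) },
  { id: 12, developer_key_id: 1, expires_at: nil },
  { id: 13, developer_key_id: 2, expires_at: Time.utc(2022, 1, 6, 11, 0) }
].freeze

# :ok             no expires_at, the token does not expire
# :pending_expiry expires_at is in the future: works now, stops working later
# :expired        expires_at is in the past: the case described in the comment
def token_status(token, now)
  exp = token[:expires_at]
  return :ok if exp.nil?
  exp <= now ? :expired : :pending_expiry
end

# Returns per-token statuses, the "User-Generated" keys whose
# auto_expire_tokens should be false, and the tokens issued under those keys
# that still carry an expires_at to remove. Other keys are left alone,
# because short-lived OAuth tokens are expected to expire.
def audit(tokens, keys, now)
  statuses = tokens.to_h { |t| [t[:id], token_status(t, now)] }
  keys_to_fix = keys
                .select { |k| k[:name] == "User-Generated" && k[:auto_expire_tokens] }
                .map { |k| k[:id] }
  clear_expiry = tokens
                 .select { |t| keys_to_fix.include?(t[:developer_key_id]) && t[:expires_at] }
                 .map { |t| t[:id] }
  { statuses: statuses, keys_to_fix: keys_to_fix, clear_expiry: clear_expiry }
end

if __FILE__ == $PROGRAM_NAME
  report = audit(TOKENS, KEYS, Time.utc(2022, 1, 6, 10, 29))
  report[:statuses].each { |id, status| puts "token #{id}: #{status}" }
  puts "keys needing auto_expire_tokens = false: #{report[:keys_to_fix].inspect}"
  puts "tokens needing expires_at cleared: #{report[:clear_expiry].inspect}"
end
```
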

ralphotowo commented 2 years ago

Thank you for your response @Ardena. We accessed the console and didn't find an "expires_at" for the token. From the console, everything appears to be fine, however the API still responds with "Invalid access token." Any ideas?

Ardena commented 2 years ago

Hmm. I'm not having that issue right now, though I have a vague recollection of having to recreate an access token a while ago. What does the associated developer key look like? Are you only having problems with existing tokens? Or do new tokens fail too? What APIs are you using the tokens for?

huangdengpan commented 2 years ago

check redis-server status