Status of People Directory Search in v3

[sunny-zuo]

I would like to inquire about the status of the People Directory Search endpoints in v3 of the API. My project, sir-goose-bot (and a few other Discord bots such as goose-bot and Stream4Bot), currently depend on the v2 endpoint, and I would love migrate over once the endpoint is available. Is the user directory considered a "key data endpoint" for the roadmap?

Thanks

[sbobkin]

Hi @sunny-zuo

People directory search in v2

Quite frankly, that endpoint should not have gone live in the Open Data API. As far as I'm aware there is no other source on campus that provides that level of information without requiring authenticated, and authorized access in programmatic form.

People directory search in v3

There will definitely not be an equivalent endpoint in v3. The data crosses the border to what we consider open and public data, and personally identifiable data that ties to an individual. The latter is outside of the scope of the Open Data project at this time.

Options

I want to try and see how we can make something like your goal achievable long term. It looks like you ask for a uwaterloo email, send a code, and then have the user enter it for verification.

What I think this endpoint gives you is the users real name, and the department? Is there anything else you're using?

[sunny-zuo]

@sbobkin Got it. For my bot, the only data that I'm using is the department of the user who has verified. All of the other data returned (for me) is unnecessary and ignored.

The goal is/was to allow Discord users to automatically get assigned a role based on their department (for example, users in SE are given the SE role in the SE 2025 Discord server, while users from other departments are given the Non-SE role), and thus, I would be happy with an endpoint that only returns a user's department from a given WatIAM username. I would also be fine authenticating with my WatIAM identity (similar to WatIAM Whitepages) if that is an option.

Would something like that be possible?

[johnaoss]

@sbobkin Also curious if there's any sort of auth flow planned for the API. For certain clubs or student groups that have typically public access (e.g. discord servers) it would be extremely useful to have some sort of mechanism to verify that the users joining are actually students (or alumni, but that's secondary).

If it proves to be not feasible for an API endpoint, would it be possible to provide some sort of limited integration with Active Directory (limited in scope to just e-mail ideally) to achieve the same things?

I was planning on implementing something along the lines of the same email flow that @sunny-zuo mentioned, however if there's some additional form of authorization/authentication possible instead that would work too!

[sbobkin]

Hi,

I believe the right answer to both these requests is to have the bots registered as applications in Azure/O365. Having the interested parties go through the OAuth flow, and explicitly authorize the bot/app to query the data requested.

This has a few challenges.

• It has not been done yet, as far as I'm aware.
• The name and basic bio information is there, I don't know if "department" or academic affiliation is.
• It would definitely require changing the bots, and registering them.

There are several other technical options, but the challenge is the consent piece needs to lie with the student/person. Let me see where we can make this work, in some capacity. I've confirmed the v2 endpoint you're using now will remain live for now.

[Kav-K]

Hi @sbobkin, apologies for bumping up this relatively old thread, but I was wondering in regards to your last comment if there have been any new plans made to introduce this registration functionality within Azure/O365, or even an authenticated AD integration? Is there any hope for us to gain (authenticated) access to those basic bio fields that were present in v2/userid?

[sbobkin]

I followed up on this, in summary it ended up with the thought that this can come from the Azure/O365 Graph APIs, but we had no update from the team responsible. We've asked for an update.

[sbobkin]

As an update, we've disabled the v2 APIs to the end of the week to get those we've not been able to get in touch with to act. I know there is no update on this people search functionality. I'll provide another update by end of this week.

[sbobkin]

@Kav-K @johnaoss @sunny-zuo

The update at this time is if a permanent staff member (ie: professor or full time staff) put in a request they would be able to get an app registration, and then have delegated (individual user approves the app) access to this information through the Graph API (Office365). The requesting person would be made the owner of the app registration and will be the contact.

There is currently no process, or agreement on granting app registration or this access to students. If it's something you want to try to move forward, you're welcome to open a request, but that's outside of the scope of Open Data.

The requests can be made to https://rt.uwaterloo.ca into the IST-ISC-iApps queue.

[sbobkin]

Closing this as I have no further action or update. The above is comment (https://github.com/uWaterloo/OpenData/issues/205#issuecomment-769873036) is the latest information I have.