whitmer / canvabadges

MIT License

A destroyed access token is never regenerated #6

Closed Kulgar closed 11 years ago

Kulgar commented 11 years ago

Hi Whitmer,

Recently we faced a new issue in our Canvas application. Here is the scenario:

A user accesses a badge for the first time, the user then receives a message asking him to authorize canvabadges to get his Canvas information.

When the user clicks "agree", an Access Token is generated in Canvas and sent to canvabadges, which then stores it in a new UserConfig data for later use.

I think this is what's going on, right?

But then... The user deletes the access token from his profile webpage using the little "trash" button without knowing what he is really doing...

Then he wants to access another badge that he hasn't earned yet. But then, canvabadges throws an error:

Can't convert symbol into integer
canvabadges/lib/views.rb:148:in `[]'
...

I did a lot of debugging, and used the console to redo the error... In fact this error is thrown because in views.rb line 148, we seek args[:student] but... args equals this: "Error getting data from Canvas" at this point, and so it produces that error message.

So I did a little more investigation and found that the API could no longer authenticate my user... Why? I wondered...

I then checked the user's access_tokens in my Canvas database, and it appears that his access_tokens were completely empty, so I guessed that the user had just deleted his access tokens from his profile. (user.access_tokens throws back: [] )

But... The UserConfig data associated with this user still exists in the database of canvabadges. So... When canvabadges is asking the Canvas API for information, it does send an access_token within the request but the authentication then fails as Canvas no longer has this token in its database because the user has deleted it.

What could we do to solve that?

I think the best way would be to ask for authorization again when the authentication fails because of an access token that no longer exists and then replace the old access token with the new one in the UserConfig data.

Would it be difficult to do that?

If I can do anything to help you solve this issue, let me know.

Best regards, Kulgar.

whitmer commented 11 years ago

This should fix the problem. I thought there was an API check in there already but I guess not.

Kulgar commented 11 years ago

Thank you so much! :) I'll let you know if we face the problem again! ;-)
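
The re-authorization flow proposed in the first comment, sketched as an added example; it is not the project's actual fix, which this page does not show. `FakeCanvas`, `fetch_student`, `load_badge_data`, the token strings and the 401 response body are constructed for illustration, and the example assumes Canvas answers a request carrying a deleted token with HTTP 401.

```ruby
require 'json'

# Constructed stand-in for the Canvas API: it only accepts tokens that the
# user has not deleted from their profile.
class FakeCanvas
  def initialize(valid_tokens)
    @valid_tokens = valid_tokens
  end

  # Returns [http_status, body], as an API call made with this token would.
  def get_student(token)
    unless @valid_tokens.include?(token)
      return [401, '{"errors":[{"message":"Invalid access token."}]}']
    end
    [200, '{"student":{"id":42}}']
  end
end

class TokenRevoked < StandardError; end

# Hypothetical helper: either returns parsed data or raises. It never hands
# an error string back to the caller, which is what made args[:student] blow
# up with "Can't convert symbol into integer" in the report above.
def fetch_student(canvas, user_config)
  status, body = canvas.get_student(user_config[:access_token])
  raise TokenRevoked if status == 401
  raise "Canvas API error #{status}" unless status == 200
  JSON.parse(body, symbolize_names: true)
end

# Returns [:ok, student] or [:reauthorize, nil]. On revocation the stale
# token is removed from the stored config so the OAuth prompt runs again
# and a fresh token replaces it.
def load_badge_data(canvas, user_config)
  data = fetch_student(canvas, user_config)
  [:ok, data[:student]]
rescue TokenRevoked
  user_config.delete(:access_token)
  [:reauthorize, nil]
end
```

A caller would send the user back through the authorization prompt whenever the first element is `:reauthorize`, instead of rendering the badge view.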