caccl-authorizer
Advanced tools
Acquires Canvas tokens through via OAuth, stores refresh tokens, and refreshes access tokens when they expire.
Handles app authorization, redirecting users to the "Authorize this App" page, acquiring access tokens, and refreshing access tokens when they expire.
Your LTI app accepts launches at your launchPath via POST. caccl-authorizer uses that same path to kick off the Canvas authorization process: direct users to your launchPath via GET and they'll be authorized and then redirected to the defaultAuthorizedRedirect path.
Canvas
App
Complete
Connection
Library
After creating your express app but before adding routes, initialize caccl-authorizer to add routes and middleware to make authorization possible.
const initAuthorization = require('caccl-authorizer');
// TODO: create express app
initAuthorization({
app: /* express app with express-session enabled*/,
developerCredentials: {
client_id: /* developer client id */,
client_secret: /* developer client secret */,
},
canvasHost: /* your canvas host name */,
});
// TODO: add routes to express app
To authorize a user, redirect them to the launchPath via GET. caccl-authorizer will handle the entire authorization process then redirect them to the defaultAuthorizedRedirect path. After authorization, the user's access token will appear in their session: req.session.accessToken.
Important: you must initialize caccl-authorizer before adding refreshed routes (see autoRefreshRoutes below).
When initializing caccl-authorizer, you can pass in many different configuration options to customize CACCL's behavior or turn on/off certain functionality.
Note: configuration options are optional unless otherwise stated
Important configuration options you probably should include.
| Config Option | Type | Description | Default/Required |
|---|---|---|---|
| app | express app | the server express app with express-session enabled | required |
| developerCredentials | object | canvas app developer credentials in the form: { client_id, client_secret } | required |
| canvasHost | string | canvas host to use for oauth exchange | canvas.instructure.com |
| allowAuthorizationWithoutLaunch | boolean | if true, allows user to be authorized even without a launch (when no LTI launch occurred and simulateLaunchOnAuthorize is false) | false |
Optional information about your app.
| Config Option | Type | Description | Default |
|---|---|---|---|
| appName | string | the name of the app for use in simulated launches and in errors | "this app" |
| launchPath | string | redirect users to this path via GET to kick off the authorization process | "/launch" |
Options that change how authorization functions. By default, when authorization is complete, the user will be redirected to /, and when the access token expires (after 1hr), it will automatically be refreshed when the user visits any route (*). The refresh tokens are stored in a memory token store. All of these features can be customized via the config options below.
| Config Option | Type | Description | Default |
|---|---|---|---|
| defaultAuthorizedRedirect | string | the default route to visit after authorization is complete (you can override this for a specific authorization call by including query.next. example: /launch?next=/profile) | "/" |
| autoRefreshRoutes | string[] | list of routes to automatically refresh the access token for (if the access token has expired), these routes must be added after caccl-authorizer has been initialized | ["*"] |
| tokenStore | TokenStore | null to turn off storage of refresh tokens, exclude to use memory token store, or include a custom token store (see these docs) | memory store |
Tip: we recommend setting autoRefreshRoutes to all the paths where you will need access to the Canvas API. Then, the accessToken will never have expired when the user visits one of those paths.
Enabling this feature allows users to visit the launchPath (GET), go through the authorization process, and then caccl-authorizer simulates an LTI launch. This essentially makes it possible for users to launch your app without visiting Canvas, simply by visiting the launchPath.
To enable this feature,
| Config Option | Type | Description | Default |
|---|---|---|---|
| simulateLaunchOnAuthorize | boolean | if true, simulates an LTI launch upon successful authorization (if the user hasn't already launched via LTI) | false |
FAQs
Acquires Canvas tokens through via OAuth, stores refresh tokens, and refreshes access tokens when they expire.
The npm package caccl-authorizer receives a total of 225 weekly downloads. As such, caccl-authorizer popularity was classified as not popular.
We found that caccl-authorizer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.