caccl-authorizer
Advanced tools
Readme
Handles app authorization, redirecting users to the "Authorize this App" page, acquiring access tokens, and refreshing access tokens when they expire.
Your LTI app accepts launches at your launchPath via POST. caccl-authorizer uses that same path to kick off the Canvas authorization process: direct users to your launchPath via GET and they'll be authorized and then redirected to the defaultAuthorizedRedirect path.
Canvas
App
Complete
Connection
Library
After creating your express app but before adding routes, initialize caccl-authorizer to add routes and middleware to make authorization possible.
const initAuthorization = require('caccl-authorizer');
// TODO: create express app
initAuthorization({
app: /* express app with express-session enabled*/,
developerCredentials: {
client_id: /* developer client id */,
client_secret: /* developer client secret */,
},
canvasHost: /* your canvas host name */,
});
// TODO: add routes to express app
To authorize a user, redirect them to the launchPath via GET. caccl-authorizer will handle the entire authorization process then redirect them to the defaultAuthorizedRedirect path. After authorization, the user's access token will appear in the req object: req.accessToken.
Important: you must initialize caccl-authorizer before adding refreshed routes (see autoRefreshRoutes below).
When initializing caccl-authorizer, you can pass in many different configuration options to customize CACCL's behavior or turn on/off certain functionality.
Note: configuration options are optional unless otherwise stated
Important configuration options you probably should include.
| Config Option | Type | Description | Default/Required |
|---|---|---|---|
| app | express app | the server express app with express-session enabled | required |
| developerCredentials | object | canvas app developer credentials in the form: { client_id, client_secret } | required |
| canvasHost | string | canvas host to use for oauth exchange | canvas.instructure.com |
| allowAuthorizationWithoutLaunch | boolean | if true, allows user to be authorized even without a launch (when no LTI launch occurred and simulateLaunchOnAuthorize is false) | false |
Optional information about your app.
| Config Option | Type | Description | Default |
|---|---|---|---|
| appName | string | the name of the app for use in simulated launches and in errors | "this app" |
| launchPath | string | redirect users to this path via GET to kick off the authorization process | "/launch" |
Options that change how authorization functions. By default, when authorization is complete, the user will be redirected to /, and when the access token expires (after 1hr), it will automatically be refreshed when the user visits any route (*). The refresh tokens are stored in a memory token store. All of these features can be customized via the config options below.
| Config Option | Type | Description | Default |
|---|---|---|---|
| defaultAuthorizedRedirect | string | the default route to visit after authorization is complete (you can override this for a specific authorization call by including query.next. example: /launch?next=/profile) | "/" |
| autoRefreshRoutes | string[] | list of routes to automatically refresh the access token for (if the access token has expired), these routes must be added after caccl-authorizer has been initialized | ["*"] |
| tokenStore | TokenStore | null to turn off storage of refresh tokens, exclude to use memory token store, or include a custom token store (see these docs) | memory store |
Tip: we recommend setting autoRefreshRoutes to all the paths where you will need access to the Canvas API. Then, the accessToken will never have expired when the user visits one of those paths.
Enabling this feature allows users to visit the launchPath (GET), go through the authorization process, and then caccl-authorizer simulates an LTI launch. This essentially makes it possible for users to launch your app without visiting Canvas, simply by visiting the launchPath.
To enable this feature,
| Config Option | Type | Description | Default |
|---|---|---|---|
| simulateLaunchOnAuthorize | boolean | if true, simulates an LTI launch upon successful authorization (if the user hasn't already launched via LTI) | false |
After the authorization process, caccl-authorizer stores information in the user's session:
Possible values of req.session.authFailureReason:
FAQs
Unknown package
We found that caccl-authorizer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cyber insurance rates are dropping as the market matures, according to a new report projecting global premiums to reach $43 billion by 2030, driven by international market uptake and growth in the SME sector.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.