Overview
Feedback Aide uses the OAuth authorization framework with the client credentials grant type to handle authentication.
A token with limited scope is used for all API requests. This means the token grants access only to specific resources or actions as specified within the scope. To get a token, you need to authenticate with your Learnosity OAuth key and secret.
Note - the OAuth key and secret are not the same as the standard Learnosity key and secret. Contact support if you need help.
To get a token, you need to use your learnosity-oauth-key and learnosity-oauth-secret against the token endpoint - and it will return a token that you can use in your subsequent requests.
Once you obtain a token, you can learn how to use it by visiting the Getting Started guide.
Understanding Scopes
Scopes define the level of access that the token grants. When requesting a token, you need to specify the scopes that your application requires. Each scope grants access to specific resources or actions.
Here are the required scopes for the Feedback Aide API:
-
api:feedbackaide
- Grants access to the Feedback Aide API. -
feedback_session_uuid:{your-feedback-session-uuid}:{permissions}
Grants access to a specific feedback session specified by the UUID.
The permissions can be:-
feedback_session_uuid:{your-feedback-session-uuid}:RO
Grants read-only access to the feedback session. Use this scope when initializing the API for review. -
feedback_session_uuid:{your-feedback-session-uuid}:RW
Grants read and write access to the feedback session. Use this scope when initializing the API for grading.
-
-
state:{grade|review}
- Grants access to initializing the API in the given state.-
state:grade
- Grants access to initialize in grading state. -
state:review
- Grants access to initialize in learner review state.
-
Token request code examples
In the examples below, there are three variables that need to be replaced:
- your-learnosity-oauth-key - replace with the key provided to you.
- your-learnosity-oauth-secret - replace with the secret provided to you.
-
your-feedback-session-uuid - replace this with the
feedback_session_uuid
you want to access.
cURL Example
curl -X POST 'https://feedbackaide.learnosity.com/api/token' \
-u 'your-learnosity-oauth-key:your-learnosity-oauth-secret' \
-d 'grant_type=client_credentials' \
-d 'scope=api:feedbackaide feedback_session_uuid:your-feedback-session-uuid:RW state:grade'
This will return a token as follows:
{
"access_token": "3e1db5b8-68fd-497d-9221-c98f3d5bb457",
"token_type": "bearer",
"expires_in": 7200
}
Python Example
1. First, install the required dependencies:
python -m venv oauthenv
source oauthenv/bin/activate
pip install requests requests-oauthlib
2. Create a sample Python code file, called oauth_test.py
from oauthlib.oauth2 import BackendApplicationClient
from requests.auth import HTTPBasicAuth
from requests_oauthlib import OAuth2Session
# Define the client ID, client secret, feedback_session_uuid and token URL
client_id = 'your-learnosity-oauth-key'
client_secret = 'your-learnosity-oauth-secret'
feedback_session_uuid = 'your-feedback-session-uuid'
token_url = 'https://feedbackaide.learnosity.com/api/token'
scope = ['api:feedbackaide', f'feedback_session_uuid:{feedback_session_uuid}:RW', 'state:grade']
# Create an OAuth2 session and fetch the token
auth = HTTPBasicAuth(client_id, client_secret)
client = BackendApplicationClient(client_id=client_id)
oauth = OAuth2Session(client=client)
token = oauth.fetch_token(token_url=token_url, auth=auth, scope=scope)
print(token)
python oauth_test.py
3. This will return a token as follows:
{
"access_token": "3e1db5b8-68fd-497d-9221-c98f3d5bb457",
"token_type": "bearer",
"expires_in": 7200
}
PHP Example
1. First, install the Guzzle client:
composer require guzzlehttp/guzzle
2. Create a PHP test file as follows:
<?php
require 'vendor/autoload.php';
use GuzzleHttp\Client;
$client = new Client();
# Define the client ID, client secret, feedback_session_uuid and token URL
$client_id = 'your-learnosity-oauth-key'
$client_secret = 'your-learnosity-oauth-secret'
$feedback_session_uuid = 'your-feedback-session-uuid'
$token_url = 'https://feedbackaide.learnosity.com/api/token'
$response = $client->post($token_url, [
'auth' => [$client_id, $client_secret],
'form_params' => [
'grant_type' => 'client_credentials', // Per OAuth spec, must always be included
'scope' => 'api:feedbackaide feedback_session_uuid:' . $feedback_session_uuid . ':RW state:grade',
],
]);
echo $response->getBody();
3. This will return the token as follows:
{
"access_token": "3e1db5b8-68fd-497d-9221-c98f3d5bb457",
"token_type": "bearer",
"expires_in": 7200
}