Feedback Aide Security Tokens

Overview

Feedback Aide uses the OAuth authorization framework with the client credentials grant type to handle authentication.

A token with limited scope is used for all API requests. This means the token grants access only to specific resources or actions as specified within the scope. To get a token, you need to authenticate with your Learnosity OAuth key and secret.

Note - the OAuth key and secret are not the same as the standard Learnosity key and secret. Contact support if you need help.

To get a token, you need to use your learnosity-oauth-key and learnosity-oauth-secret against the token endpoint - and it will return a token that you can use in your subsequent requests.

Once you obtain a token, you can learn how to use it by visiting the Getting Started guide.

Understanding Scopes

Scopes define the level of access that the token grants. When requesting a token, you need to specify the scopes that your application requires. Each scope grants access to specific resources or actions.

Here are the required scopes for the Feedback Aide API:

  • api:feedbackaide - Grants access to the Feedback Aide API.
  • feedback_session_uuid:{your-feedback-session-uuid}:{permissions}
    Grants access to a specific feedback session specified by the UUID.
    The permissions can be:
    • feedback_session_uuid:{your-feedback-session-uuid}:RO
      Grants read-only access to the feedback session. Use this scope when initializing the API for review.
    • feedback_session_uuid:{your-feedback-session-uuid}:RW
      Grants read and write access to the feedback session. Use this scope when initializing the API for grading.
  • state:{grade|review} - Grants access to initializing the API in the given state.
    • state:grade - Grants access to initialize in grading state.
    • state:review - Grants access to initialize in learner review state.

Token request code examples

In the examples below, there are three variables that need to be replaced:

  1. your-learnosity-oauth-key - replace with the key provided to you.
  2. your-learnosity-oauth-secret - replace with the secret provided to you.
  3. your-feedback-session-uuid - replace this with the feedback_session_uuid you want to access.

cURL Example

curl -X POST 'https://feedbackaide.learnosity.com/api/token' \
-u 'your-learnosity-oauth-key:your-learnosity-oauth-secret' \
-d 'grant_type=client_credentials' \
-d 'scope=api:feedbackaide feedback_session_uuid:your-feedback-session-uuid:RW state:grade'

This will return a token as follows:

{
"access_token": "3e1db5b8-68fd-497d-9221-c98f3d5bb457",
"token_type": "bearer",
"expires_in": 7200
}

Python Example

1. First, install the required dependencies:

python -m venv oauthenv
source oauthenv/bin/activate
pip install requests requests-oauthlib

2. Create a sample Python code file, called oauth_test.py

from oauthlib.oauth2 import BackendApplicationClient
from requests.auth import HTTPBasicAuth
from requests_oauthlib import OAuth2Session

# Define the client ID, client secret, feedback_session_uuid and token URL
client_id = 'your-learnosity-oauth-key'
client_secret = 'your-learnosity-oauth-secret'
feedback_session_uuid = 'your-feedback-session-uuid'
token_url = 'https://feedbackaide.learnosity.com/api/token'
scope = ['api:feedbackaide', f'feedback_session_uuid:{feedback_session_uuid}:RW', 'state:grade']

# Create an OAuth2 session and fetch the token
auth = HTTPBasicAuth(client_id, client_secret)
client = BackendApplicationClient(client_id=client_id)
oauth = OAuth2Session(client=client)
token = oauth.fetch_token(token_url=token_url, auth=auth, scope=scope)

print(token)
python oauth_test.py

3. This will return a token as follows:

{
"access_token": "3e1db5b8-68fd-497d-9221-c98f3d5bb457",
"token_type": "bearer",
"expires_in": 7200
}

PHP Example

1. First, install the Guzzle client:

composer require guzzlehttp/guzzle

2. Create a PHP test file as follows:

<?php
require 'vendor/autoload.php';

use GuzzleHttp\Client;
$client = new Client();

# Define the client ID, client secret, feedback_session_uuid and token URL
$client_id = 'your-learnosity-oauth-key'
$client_secret = 'your-learnosity-oauth-secret'
$feedback_session_uuid = 'your-feedback-session-uuid'
$token_url = 'https://feedbackaide.learnosity.com/api/token'

$response = $client->post($token_url, [
'auth' => [$client_id, $client_secret],
'form_params' => [
'grant_type' => 'client_credentials', // Per OAuth spec, must always be included
'scope' => 'api:feedbackaide feedback_session_uuid:' . $feedback_session_uuid . ':RW state:grade',
],
]);

echo $response->getBody();

3. This will return the token as follows:

{
"access_token": "3e1db5b8-68fd-497d-9221-c98f3d5bb457",
"token_type": "bearer",
"expires_in": 7200
}

 

 

Was this article helpful?

Did you arrive here by accident? If so, learn more about Learnosity.