canvas-lms icon indicating copy to clipboard operation
canvas-lms copied to clipboard

Published 20 hours ago verified publisher icon instructure

Access to files in folder restricted via token authentication

Open Beebeeoii opened this issue 1 year ago • 0 comments

Summary:

There appears to be a weird issue where a API token (generated by Canvas) is forbidden to access files in some folders, but granted access when the user logs in normally via the website.

Steps to reproduce:

  1. With a token, access the endpoint /api/v1/folders/{folderID}/files
  2. Greeted with the following response:
{
    "status": "unauthorized",
    "errors": [
        {
            "message": "user not authorised to perform that action"
        }
    ]
}

Expected behavior:

The files within the folder should be visible, since it is if the user was to log in normally.

Actual behavior:

Greeted with an error 403.

Additional notes:

Beebeeoii avatar Jan 29 '24 06:01 Beebeeoii