Desire 2 Learn Valence API authentication and cookies

0
votes

I'm trying to use the valence api in a headless manner.

Side note: I had to modify the hyperlinks so they were not links or I couldn't post the question.

Scenario 1:

When using the Java example provided, the following URLs are hit if no cookies are present:

https://elearning.masked.edu/d2l/auth/api/token?x_a=JjGDh8MaskedDgOGlPPagA&x_b=gnNIMasked99PGLtcVflc_488PD59k2TjJbfyj-jlXHY&x_target=http%3A%2F%2Flocalhost%3A8080%2FD2LValenceExample%2Findex.jsp

Which gives me a 302 response and sends the browser to

https://elearning.masked.edu/d2l/login?target=%2fd2l%2fauth%2fapi%2ftoken%3fx_a%3dJjGDh8MaskedDgOGlPPagA%26x_b%3dgnNIMasked99PGLtcVflc_488PD59k2TjJbfyj-jlXHY%26x_target%3dhttp%253a%252f%252flocalhost%253a8080%252fD2LValenceExample%252findex.jsp&sessionExpired=1

Which gives me another 302 response and sends the browser to

https://elearning.masked.edu/?target=%2fd2l%2fauth%2fapi%2ftoken%3fx_a%3dJjGDh8MaskedDgOGlPPagA%26x_b%3dgnNIMasked99PGLtcVflc_488PD59k2TjJbfyj-jlXHY%26x_target%3dhttp%253a%252f%252flocalhost%253a8080%252fD2LValenceExample%252findex.jsp

Which is the D2L login screen. So I log in and a post with my credentials is sent to:

https://elearning.masked.edu/d2l/lp/auth/login/login.d2l

Finally, my browser is sent to the D2L home:

https://elearning.masked.edu/d2l/lp/homepage/home.d2l?ou=1234123

This doesn't follow the flow as listed in http://docs.valence.desire2learn.com/basic/auth.html . I was expecting a redirect to the appURL.

But, when we do this a second time, the expected result is achieved:

Scenario 2:

https://elearning.masked.edu/d2l/auth/api/token?x_a=JjGDh8MaskedDgOGlPPagA&x_b=gnNIMasked99PGLtcVflc_488PD59k2TjJbfyj-jlXHY&x_target=http%3A%2F%2Flocalhost%3A8080%2FD2LValenceExample%2Findex.jsp

http://localhost:8080/D2LValenceExample/index.jsp?x_a=Da6kyMaskedDMZy8l_1&x_b=SV6_ONhvMaskedoBc_hHZ&x_c=oD7JMT9CGgyLljIF_1MaskedCI5YZHJPcIgKD4

The difference is the cookies. When I delete the cookies for elearning.masked.edu, the result in scenario 1 always happens. So the question becomes what is the correct way to make the web-service authentication call when we are starting without cookies?

1
desire2learn

1 Answers

0
votes

When starting without cookies (Scenario 1) that sequence is what I am used to seeing (using the samples and test server) with one difference.

At the last step when posting credentials to: http{s}://elearning.masked.edu/d2l/lp/auth/login/login.d2l

The expected result would be to redirect first back to the login resource (d2l/auth/api/token) and then to your target: http://localhost:8080%/D2LValenceExample/index.jsp

Couple suggestions to figure this out:

Does this same code work using the key and server from the sample (http://docs.valence.desire2learn.com/samples/gettingStarted.html#java)? If so it suggests something context specific with the server (which may mean contacting D2L Support).

Is there any other redirect steps between posting credentials and arriving to the home page?

Is there any special filters or auth system in use that might affect login?