Status of this gem? Using scoped API tokens

[cycomachead]

Is there interest in updates or PRs to this gem?

Many institutions are requiring applications to use Canvas' scoped API keys, and working with omniauth-canvas has made that a little tricky, though not impossible.

• Documentation: It needs to be clear that the url:GET|/api/v1/users/:user_id/profile scope is required both to be enabled for the developer token and listed in the API request, since that's the endpoint used for profile info.
• Without this, even if you correctly pass scopes to Canvas, you get a very opaque error, and because the request happens automatically, it took longer than I care to admit to debug this...
• I had to manually append the scopes as a query string to the auth and token URLs. It would be great if we could expose an easier config option. (I can provide more details later.)

I'm happy to draft a PR at some point, if it would be acceptable. Otherwise, no problem just maintaining our own fork.

[jbasdf]

We're definitely interested in contributions. Please submit a PR and we'd be happy to review and accept the changes. Thank you!

[cycomachead]

👍 thanks for the quick reply!

School's starting for me in a few weeks, so now that I've fixed my app, I'll need to spend some time prepping classes, but definitely planning to send a PR!

[jbasdf]

Sounds great. Thanks again and good luck with the start of classes! Justin

…

On Tue, Aug 12, 2025 at 2:02 PM Michael Ball ***@***.***> wrote: *cycomachead* left a comment (atomicjolt/omniauth-canvas#6) <#6 (comment)> 👍 thanks for the quick reply! School's starting for me in a few weeks, so now that I've fixed my app, I'll need to spend some time prepping classes, but definitely planning to send a PR! — Reply to this email directly, view it on GitHub <#6 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAA75XAUE4VEJ7BDFEZBL33NJB53AVCNFSM6AAAAACDVTV4UCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTCOBQHA2DKNJXGU> . You are receiving this because you commented.Message ID: ***@***.***>