Accessing User Data
Authorization Header
All the REST APIs require the Authorization header with Bearer {access_token} obtained from the previous step.
You can now use the access_token to access data for the currently logged in user. The root endpoint for accessing data can be found at https://nodeapi.classlink.com and documented in the OneClick SSO REST API section.
Get User Info##
Let's fetch the user info for the currently logged in user with your access token! If you are looking for identity information, you can use the https://nodeapi.classlink.com/v2/my/info endpoint.
Simply do a GET request with Authorization : Bearer {access_token} as a header to https://nodeapi.classlink.com/v2/my/info.
The API will respond with details related to the user.
TenantId
The TenantId will identify which district the user is from. Please make sure you know what tenantId is assigned to the school district you are working with
| Name | Description |
|---|---|
| UserId | Unique ID assigned to the user within ClassLink |
| TenantId | ID assigned to the school district. Ensure you are working with users in the proper Tenant ID. |
| LoginId | AD username if it exists. Most school districts use Active Directory and this will be populated with their AD username. |
| Tenant | Name of the school district the user is from. |
| Building | Name of the domain. Most districts usually just have one building/domain configured. |
| Role | available roles are Student, Teacher, Tenant Administrator |
| SourcedId | If the district has OneRoster enabled, this will have the sourcedId of the user from OneRoster. |
Access Denied!
Some endpoints may not work if you do not request the proper scopes.
Open ID
Another way is through the id_token. To get the user info, simply take the id_token, go to jwt.io, and it would decode the id_token. Only view the Payload section.
| Name | Description |
|---|---|
| iss | String identifying the party that issued this state value. |
| sub | String identifying the subject that this state value is intended for. |
| aud | String identifying the client that this state value is intended for. |
| nonce | Value used to associate a Client session with an ID Token. |
| exp | The expiration time on or after which the JWT MUST NOT be accepted for processing. |
| iat | Timestamp of when this Authorization Request was issued. |
| auth_time | Time when the authentication occurred. |
| login_hint | Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). |
| email_verified | The e-mail address was controlled by the End-User at the time the verification was performed. |
| End-User's preferred e-mail address. | |
| name | End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences. |
| profile | URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User. |
| address | End-User's preferred postal address. |
| locality | End-User's locale. |
| region | End-User's time zone. |
| rfp | String containing a verifiable identifier for the browser session, that cannot be guessed by a third party. |
Note
rfp parameter will only show up if state query parameter is used in launch link.
Updated almost 2 years ago