Accessing User Data

📘

Authorization Header

All the REST APIs require the Authorization header with Bearer {access_token} obtained from the previous step.

You can now use the access_token to access data for the currently logged-in user. The root endpoint for accessing data is https://nodeapi.classlink.com and is documented in the OneClick SSO REST API section.

Get User Info

Let's fetch the user info for the currently logged-in user with your access token! If you are looking for identity information, you can use the https://nodeapi.classlink.com/v2/my/info endpoint.

Simply send a GET request to https://nodeapi.classlink.com/v2/my/info with the header Authorization: Bearer {access_token}.

The API will respond with details related to the user.

📘

TenantId

The TenantId identifies which district the user is from. Please make sure you know which TenantId is assigned to the school district you are working with.

| Name | Description |
| --- | --- |
| UserId | Unique ID assigned to the user within ClassLink. |
| TenantId | ID assigned to the school district. Ensure you are working with users in the proper Tenant ID. |
| LoginId | AD username if it exists. Most school districts use Active Directory and this will be populated with their AD username. |
| Tenant | Name of the school district the user is from. |
| Building | Name of the domain. Most districts usually just have one building/domain configured. |
| Role | Available roles are Student, Teacher, Tenant Administrator. |
| SourcedId | If the district has OneRoster enabled, this will have the sourcedId of the user from OneRoster. |

🚧

Access Denied!

Some endpoints may not work if you do not request the proper scopes.

Open ID

Another way to get the user info is through the id_token. Simply take the id_token and go to jwt.io, which will decode it. Only view the Payload section.

| Name | Description |
| --- | --- |
| iss | String identifying the party that issued this state value. |
| sub | String identifying the subject that this state value is intended for. |
| aud | String identifying the client that this state value is intended for. |
| nonce | Value used to associate a Client session with an ID Token. |
| exp | The expiration time on or after which the JWT MUST NOT be accepted for processing. |
| iat | Timestamp of when this Authorization Request was issued. |
| auth_time | Time when the authentication occurred. |
| login_hint | Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). |
| email_verified | The e-mail address was controlled by the End-User at the time the verification was performed. |
| email | End-User's preferred e-mail address. |
| name | End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences. |
| profile | URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User. |
| address | End-User's preferred postal address. |
| locality | End-User's locale. |
| region | End-User's time zone. |
| rfp | String containing a verifiable identifier for the browser session, that cannot be guessed by a third party. |

📘

Note

The rfp parameter will only show up if the state query parameter is used in the launch link.
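
The id_token payload can also be decoded locally instead of on jwt.io. The following is an added example, not ClassLink's code: it decodes the payload and checks the iss, aud, nonce and exp claims listed above. It does not verify the token signature, and the issuer, client ID, nonce and token values are constructed placeholders.

```python
import base64
import json
import time

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_payload(id_token: str) -> dict:
    """Return the payload claims of a compact JWT (header.payload.signature)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token must have three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))

def check_claims(claims, issuer, client_id, nonce, now=None):
    """Return a list of problems found in the claims; empty means every check passed."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    # aud may be a single string or a list of client IDs.
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud mismatch")
    if claims.get("nonce") != nonce:
        problems.append("nonce mismatch")
    exp = claims.get("exp")
    # exp is the time on or after which the token must not be accepted.
    if not isinstance(exp, (int, float)) or now >= exp:
        problems.append("expired or missing exp")
    return problems

def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature (demo only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"

# Constructed sample claims; none of these values come from ClassLink.
SAMPLE = {"iss": "https://issuer.example", "sub": "12345", "aud": "my-client-id",
          "nonce": "n-0S6", "exp": 2000000000, "iat": 1700000000}

if __name__ == "__main__":
    claims = decode_payload(make_sample_token(SAMPLE))
    print(json.dumps(claims, indent=2))
    print(check_claims(claims, "https://issuer.example", "my-client-id", "n-0S6",
                       now=1700000100))
```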