Use OAuth 2.0 to Authenticate with Blackboard Learn

Document created by rh0068002 on Mar 15, 2018. Last modified by mkauffman on Mar 28, 2019.
Version 11

Blackboard Learn offers a REST API for authenticating applications and application users using variants of the OAuth 2.0 specification. Select the OAuth 2.0 variant that matches your needs. OAuth 2.0 is an industry standard. You can read more about these means of authentication here: The OAuth Bible.

  • Three-legged OAuth

    In this approach, your app requires a user login and uses that individual's credentials to log into Blackboard Learn. During the session, the application has access only to the data and features allowed to that user. This approach limits access to the particular logged-in user's entitlements. If your application lends itself to having the user log into your application before accessing Blackboard Learn via your application, we recommend this approach because it limits the user's authorization to exactly the same authorization they have been given by the Learn administrator.

  • Basic OAuth (Two-Legged)
    In this approach, your application has access to all data and features granted by the entitlements of the user that the Learn administrator associates with the REST application when installing the application on the Learn system. This approach is ideal when (1) all users of the REST application need the same set of entitlements to Blackboard Learn or (2) only trusted persons will be using the application. It may also be satisfactory when other security measures prevent unauthorized access to data and features. An analogy for Basic OAuth is the old Building Block (B2) mechanism, where the B2 informed the Learn administrator of the entitlements it needed on install. All users' access to Learn data and features through the B2 was then managed by the B2 business logic, limited to the entitlements it was given on install.
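
The difference between the two variants shows up in the token requests themselves. The sketch below is an added example, not Blackboard's own code: it builds the Basic OAuth request and the two steps of the three-legged flow, and rejects a callback whose `state` does not match. The endpoint paths, the `scope` value and the RFC 6749 parameter layout are assumptions, and the function names, hostname, key and secret are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed Learn public REST API paths; the page itself does not list them.
TOKEN_PATH = "/learn/api/public/v1/oauth2/token"
AUTHCODE_PATH = "/learn/api/public/v1/oauth2/authorizationcode"


def _token_post(host, key, secret, form):
    """Token request authenticated with the REST application's key and secret."""
    basic = base64.b64encode(f"{key}:{secret}".encode()).decode()
    return {"method": "POST", "url": f"https://{host}{TOKEN_PATH}",
            "headers": {"Authorization": f"Basic {basic}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(form)}


def two_legged_request(host, key, secret):
    """Basic OAuth: no user involved; the token carries the entitlements of the
    user the Learn administrator associated with the application."""
    return _token_post(host, key, secret, {"grant_type": "client_credentials"})


def three_legged_authorize_url(host, key, redirect_uri, scope="read"):
    """Step 1: redirect the user's browser to Learn to log in and approve."""
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    query = urlencode({"response_type": "code", "client_id": key,
                       "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return f"https://{host}{AUTHCODE_PATH}?{query}", state


def three_legged_request(host, key, secret, callback_url, expected_state, redirect_uri):
    """Step 2: check state on the callback, then trade the code for a token
    limited to the logged-in user's entitlements."""
    params = parse_qs(urlparse(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    if not code or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("callback rejected: missing code or state mismatch")
    return _token_post(host, key, secret, {"grant_type": "authorization_code",
                                           "code": code, "redirect_uri": redirect_uri})


if __name__ == "__main__":
    # Constructed values: hostname and key are placeholders.
    url, state = three_legged_authorize_url("learn.example.edu", "app-key", "https://app.example.org/cb")
    print(url)
```

In both variants the application secret stays on the server side; only the authorization URL from step 1 ever reaches the user's browser.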


If you're uncertain about which to use, read and understand every page of this documentation: The OAuth Bible.
