Blackboard Learn provides support for three-legged OAuth 2.0 authorization.
Three-legged OAuth (3LO)
Developers can create applications using REST APIs that act on a user's behalf in a more secure way. When authorized using 3LO, applications can act on behalf of a user and therefore are restricted to the parts of Blackboard Learn for which that user has permissions to access.
Blackboard Learn supports the integration of external applications built using Blackboard Learn REST APIs. Before you can use an integration with Blackboard Learn, an administrator must register it.
Before you begin to register the application, you must obtain an application ID. The developer may provide the ID directly to the administrator or bundle it with the support documentation for the application.
System Admin > Building Blocks > REST API Integrations
- On the REST API Integrations page, select Create Integration.
- In the Application ID space, enter the application ID proved by the integration's developers.
- Select Browse next to Learn User. Search through the list of Blackboard Learn users to find the user that the integration should act as. Typically, an integration acts as Administrator or some other user created for integration management. Ideally, the user has only the permissions that the integration needs to function properly.
- For third-party integration, set End User Access to Yes. End users will sign in with their own Blackboard Learn IDs to use the integration. Each user's access is then limited to his or her own permissions. If you set End User Access to No, the integration always has access as if it were the Blackboard Learn user indicated on the form.
- If you select Yes for the End User Access option, you can configure the integration as a Trusted Service. This configuration option is controlled by the Authorized To Act As User setting. Set this option to Yes to bypass the requirement for an end user to authorize the application’s use. See the section on Trusted Services below for more information.
- Submit to save your settings for the integration.
A trusted service will communicate with Blackboard Learn in a very similar way that third-party developed applications communicate with Blackboard Learn. An application for the trusted service will be created in the developer portal, and the trusted service will use those credentials to interact with Learn.
Trusted services can do the following:
- Automatically have a Blackboard Learn site register itself as integrated with that trusted service and not let site admins remove that integration
- Bypass rate limits and site quotas normally placed on application integrations
- Utilize 3 Legged OAuth without having to present the Blackboard Learn end user with an allow/deny integration UI
A third-party application that isn't a trusted service remains editable and selectable, while the trusted service application can’t be selected. The menu for actions on the trusted service also shows only the View buttons.