Obtaining Oauth credentials for Third-party integrations

IRIS Oauth provider acts a gateway for Third-party applications/websites to authenticate users via IRIS.

The direct benefits of this provision are:

1. Ability to verify an user as a student of NITK
2. Obtain relevant student details directly from the authorised data on IRIS

Procedure to integrate IRIS Oauth

1. Draft a request mail to oauth@iris.nitk.ac.in with the following details:

   • Name of the Application

   • Callback URL(s)

   • Required Scopes (Scopes are mentioned below)

     Note: Permission to obtain the profile is not needed but must be mentioned during request

2. The approvals will be done by Akshay Revankar (IRIS Team Lead 2017-18)

3. The Client ID and Client Secret will be provided back to the requested email once approved

4. The Client Secret, as the name says, shouldn’t be disclosed.

Note: The required scopes must be authorised by the user explicitly for your application to have access to it.

Procedure to obtain the Access Credentials

• Obtaining the Authorization Code
• Obtaining the Access Token

Oauth Scopes

The Oauth scopes refer to the different types of data that the third-party application can retrieve from the IRIS database. All the scopes except profile need permissions from the respective authorities mentioned below, post which the approved scopes will be added to your application.

The access token generated for the scopes authorised by the user will be valid for a maximum time of 2 hours, post which a new access token must be generated. This access token must be passed as a get parameter access_token alongwith the API call

The scopes currently available are:

Oauth Scopes:

• Profile
• Profile Picture
• Basic Academic Data
• Detailed Academic Data
• All Students’ Basic Data
• Finance Information

1. profile (default scope)
   • Access the Name, Email address and Roll Number of the user
   • This is the default scope and no permission is required to obtain this information
2. profile_pic
   • Access the Profile Picture of the user
   • Authority for approval : Dr. Ananthanarayana V S (Dean R&C)
3. academic_basic_data
   • Access the Basic Academic Data
   • This includes the SGPA and CGPA for each semester
   • The number of credits completed by the student till now
   • Authority for approval : Assistant Registrar (Academic) - I
4. academic_detailed_data
   • Access Detailed Academic Data
   • This includes the SGPA and CGPA for each semester
   • Courses completed in each semester
   • The grade and credits obtained in each course
   • The number of credits completed by the student till now
   • Authority for approval : Assistant Registrar (Academic) - I
5. all_students_basic_data
   • Access Basic Profile Data and profile picture of all students
   • This is subject to role access granted to the request user on IRIS
   • Authority for approval : Assistant Registrar (Academic) - I
6. finance_information
   • Access user’s financial transaction details
   • This includes Transaction Number, Amount, Date and Mode of Transaction
   • *Authority for approval : Assistant Registrar (Accounts) and/or Registrar