DownloadVideo already handles the Panopto Login.aspx canvas auth form
correctly through its multi-step form submission logic. The real fix for
ExternalUrl Panopto folder links was the URL normalization (List.aspx?folderID=
→ List.aspx#folderID="...") already in DownloadVideo.
Remove DownloadExternalPanoptoURL (dead code) and all debug prints.
Update README with -vo flag documentation.
For ExternalUrl module items, the Canvas API returns url=null and
html_url=.../module_item_redirect/<id>. We were passing item.URL (empty)
causing the session_token call to return no session_url.
The Canvas app authenticates ExternalUrl items via:
GET session_token?return_to=<module_item_redirect>?display=borderless
→ GET session_url → OAuth2 confirm
→ POST /login/oauth2/accept
→ Panopto Login.aspx?code= → CookieCheck.aspx (sets Panopto cookies)
Our previous code used sessionless_launch (the course-level Panopto tool)
for direct Panopto links, which gave wrong/incomplete Panopto cookies.
Added DownloadExternalPanoptoURL() that replicates the exact app flow.
Falls back to DownloadVideo if no Panopto cookies are obtained.
Both List.aspx (folder playlists) and Viewer.aspx (single videos) are
handled with the correct yt-dlp flags and output templates.
Canvas stores folder links as List.aspx?folderID=X (query param).
yt-dlp's PanoptoList extractor requires List.aspx#folderID="X"
(fragment with quoted ID) to scope the download to that folder.
Without the fragment form it downloaded the entire Panopto instance
(1806 items instead of 3).
Also drop --no-playlist for list URLs since they are intentional
playlists, and use title/%(title)s.%(ext)s output template for them.
