What is the default authentication method for Canvas?
Signed Request Authentication
What are the 2 settings that control authentication for a Canvas app?
- Admin approved users are pre-authorized
2. All users may self authorize
What is the signed request authentication based on?
OAuth
What are the OAuth flows supported?
Web server
User Agent
What is the flow when ‘Admin approved users are pre-authorized’ is selected?
SF performs a POST to canvas app with signed request + refresh token
What is the flow when ‘All users may self authorize’ is selected?
- If user has previously approved the app and access hasn’t been revoked or expired, SF performs POST to canvas app with signed request
- If app not yet approved, SF performs GET to canvas app url.
What is the parameter that is sent in the GET call to the canvas app URL that indicates that an OAuth flow should be triggered?
_sfdc_canvas_authvalue
What is the signed request made up of?
- Canvas app consumer secret encrypted with SHA-256
- Period (“.”)
- Context and Authorization token encoded in Base64
What are the functions that can be used to check the signed request?
VerifyAndDecode & VerifyAndDecodeAsJson
What function do you use to request another signed request?
refreshSignedRequest
