Newer Version Available

This content describes an older version of this product. View Latest

Authentication

When you create a canvas app, you can use one of the following authentication methods:
  • Signed request—The default method of authentication for canvas apps. The signed request authorization flow varies depending on whether you configure the canvas app so that the administrator gives users access to the canvas app or if users can self-authorize. The signed request containing the consumer key, access token, and other contextual information is provided to the canvas app if the administrator has allowed access to the canvas app for the user or if the user has approved the canvas app via the approve/deny OAuth flow.
  • OAuth 2.0—Canvas apps can use the OAuth 2.0 protocol to authenticate and acquire access tokens. For more information about OAuth and the Force.com platform, see https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com.