Newer Version Available
Authentication
When you create a canvas app, you can use one of the following
authentication methods:
- Signed request—The default method of authentication for canvas apps. The signed request authorization flow varies depending on whether you configure the canvas app so that the administrator gives users access to the canvas app or if users can self-authorize. The signed request containing the consumer key, access token, and other contextual information is provided to the canvas app if the administrator has allowed access to the canvas app for the user or if the user has approved the canvas app via the approve/deny OAuth flow.
- OAuth 2.0—Canvas apps can use the OAuth 2.0 protocol to authenticate and acquire access tokens. For more information about OAuth and the Lightning platform, see Digging Deeper into OAuth 2.0 in Salesforce.