Newer Version Available

This content describes an older version of this product. View Latest

OAuth Authorization

Canvas supports OAuth 2.0 for authorization.
When using OAuth with Canvas, you have two options:
Regardless of which OAuth flow you implement, the canvas app must provide code for initiating the standards-based OAuth flow. OAuth considerations include:
  • Salesforce performs an HTTP GET when invoking the canvas app URL.
  • With the user agent flow, all authorization can be performed in the browser (no server-side code is needed).

For more information about OAuth, see Authorize Apps with OAuth in Salesforce Help.

Existing Connected Apps and OAuth

If you have an existing connected app that uses OAuth authorization and you want to expose that app as a canvas app, you have two options.
  • Edit the existing app (create a new version) and add the canvas app information to it. Your app can continue to use the same client ID and secret.
  • Create a new canvas app, which is given a new client ID and consumer secret. Make sure to update your app with client ID and secret.