Requesting a Signed Request
You can request a signed request on demand by using the refreshSignedRequest() or repost() JavaScript methods in the SDK. refreshSignedRequest() returns a new signed request via a callback, while repost() asks the parent window to initiate a new POST to your canvas app and reloads the app page with a refreshed signed request.
- The OAuth token within a signed request typically expires after two hours. If the OAuth token has expired, and you need to make additional API requests, you can call refreshSignedRequest() to get a new OAuth token without interrupting the user.
- Canvas apps might need to use redirects, particularly when trying to provide single sign-on functionality across multiple systems. If your canvas app uses redirects, the redirect URL will not receive the original request body that contains the initial signed request information. You can use the new methods to request the signed request again.
- In Summer ’14 and later, canvas apps can be user-approved apps. If your user-approved app has not been approved by the user, your app will not get an initial signed request POST. Instead, your app will need to be approved through OAuth, and then you can call repost() to get the signed request.
To use these methods, your canvas app must be configured to use signed request for authentication. You’ll also need to reference canvas-all.js in your JavaScript code, as described in Referencing the Canvas SDK.
After a request succeeds, your canvas app must verify the returned SignedRequest information. For more information on verifying signed request information that is received from Salesforce, see Verifying and Decoding a Signed Request.
Using refreshSignedRequest() to Obtain a Signed Request
// Gets a signed request on demand.
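Sfdc.canvas.client.refreshSignedRequest(function(data) {
    if (data.status === 200) {
        // The signed request is "<signature>.<Base64-encoded JSON context>".
        var signedRequest = data.payload.response;
        var part = signedRequest.split('.')[1];
        // Decoding alone does not verify the signature.
        var obj = JSON.parse(Sfdc.canvas.decode(part));
    }
});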
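The callback above decodes the payload but does not verify it. Verification needs the connected app's consumer secret, which must not be shipped in browser code, so the check belongs on your server. The following Node.js code is an added example, not Salesforce's own: it assumes the signed request is a Base64 HMAC-SHA256 signature (keyed with the consumer secret) and the Base64 JSON context joined by a period, and the function names, secret, and sample context are constructed for illustration.

```javascript
// Added example (Node.js, server side); not Salesforce's code.
// Assumption: signed request = "<Base64 HMAC-SHA256 signature>.<Base64 JSON context>",
// keyed with the connected app's consumer secret.
const crypto = require('node:crypto');

// Returns the decoded context, or throws if malformed or the signature is wrong.
function verifySignedRequest(signedRequest, consumerSecret) {
  if (typeof signedRequest !== 'string') throw new Error('not a string');
  const parts = signedRequest.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) {
    throw new Error('malformed signed request');
  }
  const [signature, encodedContext] = parts;

  // The HMAC covers the Base64 text exactly as received, before any decoding.
  const expected = crypto.createHmac('sha256', consumerSecret)
    .update(encodedContext, 'utf8').digest();
  const received = Buffer.from(signature, 'base64');

  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (received.length !== expected.length ||
      !crypto.timingSafeEqual(received, expected)) {
    throw new Error('signature mismatch');
  }
  // Parse the context only after the signature has been checked.
  return JSON.parse(Buffer.from(encodedContext, 'base64').toString('utf8'));
}

// --- Constructed sample data (secret and context are made up) ---
const DEMO_SECRET = 'constructed-consumer-secret';

function makeDemoSignedRequest(context, secret) {
  const encoded = Buffer.from(JSON.stringify(context), 'utf8').toString('base64');
  const sig = crypto.createHmac('sha256', secret).update(encoded, 'utf8').digest('base64');
  return sig + '.' + encoded;
}

// Returns true/false instead of throwing, for use in the checks below.
function isValid(signedRequest, secret) {
  try { verifySignedRequest(signedRequest, secret); return true; }
  catch (e) { return false; }
}

const demoRequest = makeDemoSignedRequest({ userId: 'constructed-user' }, DEMO_SECRET);
// Same signature, different payload: must be rejected.
const tampered = demoRequest.split('.')[0] + '.' +
  Buffer.from(JSON.stringify({ userId: 'someone-else' }), 'utf8').toString('base64');

console.log(isValid(demoRequest, DEMO_SECRET), isValid(tampered, DEMO_SECRET));
```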
Using repost() to Obtain a Signed Request
// Gets a signed request on demand, without refreshing the signed request.
Sfdc.canvas.client.repost();
// Gets a signed request on demand, first by refreshing the signed request.
Sfdc.canvas.client.repost({refresh : true});