initUserTokenVerifier
This API is a preview. Preview APIs are unstable and may change without warning. You can't release public apps using this API until it's stable.
Initializes a user token verifier with the given configuration.
The verifier caches JWKS public keys according to the configured cache settings. Create one verifier instance and reuse it for all verification requests.
Usage
Basic usage:
import { initUserTokenVerifier } from '@canva/app-middleware';

// Initialize once at app startup
const userTokenVerifier = initUserTokenVerifier({
  appId: process.env.CANVA_APP_ID,
});

// Verify tokens per request inside a handler
const payload = await userTokenVerifier.verify(token);
console.log(payload.userId, payload.brandId);
With custom options:
const userTokenVerifier = initUserTokenVerifier({
  appId: process.env.CANVA_APP_ID,
  cacheMaxAgeMinutes: 30,
  timeoutMs: 10000,
});
Parameters
options (UserTokenVerifierOptions): Configuration options for the verifier
appId (string): The ID of the Canva app, obtained via the developer portal canva.com/developers.
cacheMaxAgeMinutes (number): The maximum age of the JWKS cache in minutes.
Default value: 60
timeoutMs (number): The timeout for the JWKS fetch in milliseconds.
Default value: 30000
baseUrl (string): The base URL for the JWKS endpoint.
Default value: "https://api.canva.com"
Returns
A configured verifier instance.
verify (function): Verifies a Canva user JWT token and returns the decoded payload.
Parameters
token (string): The JWT token to verify
Returns
The verified user token payload. This is a Promise that resolves with the following object:
appId (string): The ID of the Canva app
userId (string): The ID of the authenticated user
brandId (string): The ID of the user's team/brand
Throws
When the token is malformed or has an invalid signature
Throws
When the token has expired
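Added example (not part of the Canva documentation or SDK): a framework-agnostic request check that fails closed when verify() throws and takes the caller's identity only from the verified payload. It assumes the token arrives as "Authorization: Bearer <jwt>", which this page does not specify; authenticate, extractBearer and makeStubVerifier are hypothetical names, and the stub stands in for the object returned by initUserTokenVerifier so the code runs offline.

```javascript
// Assumption: the client sends the user token as "Authorization: Bearer <jwt>".
// Accept only the compact JWT shape (three base64url segments) before verifying.
function extractBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/i.exec(headerValue);
  return m ? m[1] : null;
}

// `verifier` is the single instance created at startup and shared by all requests.
// Resolves to { status, user } and never throws: every verify() failure is a 401.
async function authenticate(verifier, headers) {
  const token = extractBearer(headers['authorization']);
  if (!token) return { status: 401, user: null };
  try {
    const payload = await verifier.verify(token);
    // Identity comes from the verified payload only, never from request fields.
    return { status: 200, user: { userId: payload.userId, brandId: payload.brandId } };
  } catch (err) {
    // Malformed, bad signature or expired: same response to the client.
    // Log `err` server-side if needed; do not echo it in the response body.
    return { status: 401, user: null };
  }
}

// Constructed stand-in for the real verifier (sample values are made up).
function makeStubVerifier() {
  let calls = 0;
  return {
    get calls() { return calls; },
    async verify(token) {
      calls += 1;
      if (token === 'aaa.bbb.ccc') {
        return { appId: 'APP_ID_PLACEHOLDER', userId: 'user-1', brandId: 'brand-1' };
      }
      throw new Error('invalid or expired token');
    },
  };
}
```

In an app, pass the instance returned by initUserTokenVerifier in place of the stub and use the returned user.userId and user.brandId for all authorization decisions.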