The Authentication capability lets users authenticate with apps via third-party platforms. This makes it possible for apps to bridge the gap between Canva and external services.
Benefits
- Give users access to certain features or content based on their specific privileges.
- Let users access their own content, such as their personal files from a file storage service.
- Monetize apps by offering premium features and content.
User experience
- The user triggers an authentication flow. (The app determines how a user does this.)
- Canva opens a popup window.
- Within the popup window, the user authenticates with a third-party platform.
- At the end of the authentication flow, the popup window closes.
- The user is logged in (or shown an error if the authentication fails).
Lifecycle
The overall lifecycle of the Authentication capability can be broken down into three stages:
- Checking a user's authentication status
- Authenticating a user
- Disconnecting an app
Each stage has its own, more granular lifecycle.
Checking a user's authentication status
- The app's frontend sends an HTTP request to its backend with a JWT in the
Authorization
header. (The JWT itself is generated by Canva. See Sending requests). - The app's backend extracts the user's ID from the JWT's payload.
- The app's backend checks if the ID is associated with a user.
- The app's backend returns the user's authentication status.
- The app's frontend determines what to render based on the user's authentication status.
Authenticating a user
- The app's frontend initializes the Authentication capability.
- The app's frontend calls the
authenticate
method. - Canva opens a popup window.
- Within the popup window:
- Canva redirects the user to the app's Redirect URL.
- The user navigates through the app's authentication flow.
- The app redirects the user back to Canva.
- Canva closes the popup window.
- The
authenticate
method returns anAuthenticationResult
object.
Disconnecting an app
- The user disconnects the app via Canva's UI.
- Canva sends a
POST
request to the app's backend. - The app's backend removes any connection between the user and Canva.
- The app's backend returns a confirmation of the disconnection.