After completing this unit, you'll be able to:
- Understand the authentication process of Canvas apps.
- Understand how to use Heroku to run Salesforce Canvas apps.
Canvas apps use a connected app in Salesforce and can use either a signed request or the typical OAuth flow to handle authentication. One advantage of a signed request method is that when a Salesforce admin has permitted users to access the Canvas app, no intermediate authorization is required for the app to make requests to Salesforce. After the Canvas app has been loaded, the app can begin accessing Salesforce data that the user has access to.
When running a Canvas app on Heroku, the app needs the connected app's consumer secret, which is provided to the app through a Heroku Config Var, available to the app as an environment variable.