In order to use this Strategy, you'll need a Connected App with Force.com Canvas
enabled, Canvas App URL
that points to the authenticate endpoint, and Access Method
set to Signed Request (POST)
.
npm install --save @broadly/passport-canvas-app
Create a strategy using the connected app consumer secret:
const strategy = new Strategy({
consumerSecret: '....'
}, function verifyUser(token, profile, done) {
console.log(profile);
return done(null, profile);
});
You will need to authenticate the canvas app endpoint, responding to POST (not GET) request:
app.post('/',
passport.authenticate('canvas-app'),
function canvasAppPage(req, res) {
res.render('index', {
parameters: req.body.parameters,
record: req.body.record,
user: req.user
});
}
)
If you are using sessions, don't forget to limit the session duration, and to reject unauthenticated requests on all other routes/methods.
app.use(function requireAuthentication(req, res, next) {
if (req.isAuthenticated())
next();
else
res.sendStatus(403);
});
The user profile is available from req.user
:
req.user
=> {
id: 'https://login.salesforce.com/id/00Dx00000001hxyEAA/005x0000001SyyEAAS',
organization_id: '00Dx00000001hxyEAA',
user_id: '005x0000001SyyEAAS',
display_name: 'Sean Forbes',
email: '[email protected]'
}
If the apex:canvasApp
component specifies any parameters, these parameters are available from req.body.parameters
:
<apex:canvasApp parameters="{count: 2}" ... />
req.body.parameters
=> {
count: 2
}
If the canvas app appears in association with an object, information about that object, and its fields, are available from req.body.record
:
req.body.record
=> {
attributes: {
type: 'Account',
url: '/services/data/v36.0/sobjects/Account/001xx000003DGWiAAO'
},
Id: '001xx000003DGWiAAO',
Phone: '(555) 555-5555',
Fax: '(555) 555-5555',
BillingCity: 'Seattle'
}