Embed Login API
Embed links in your application that log your users into Canvas
Last updated
Embed links in your application that log your users into Canvas
Last updated
Canvas allows your to generate links that log your users into your Canvas account and optionally redirect them to a specific dashboard.
If you want to use this API please request that Canvas enable this for you.
Navigate to your and click "Create key" under the Embed API section. Save this key securely. This key has the ability to grant access to your account. This key cannot be retrieved once generated.
If you implement your own backend we recommend using libsodium
to sign the tokens as well. You can follow this guide.
The key you receive from Canvas is actually an [identifier].[key]
pair where the key
is your secret key and the identifier
is a unique identifier for this key in Canvas. You use the key
portion to generate your encrypted payloads and simply include the identifier
in the last step.
Canvas expects the encrypted message payload to be a JSON string with the following structure:
The encrypted payload and the nonce should then unpacked from bytes
into hex
for transmission.
This should then be included in the following token payload to Canvas:
Stringify and base64
encode this to get your token.
On the frontend you only need to add a link with the following structure:
The redirect
portion is optional. If not included the user will be redirected to the Canvas homepage.
Any emails that you want to login with this method will need to be invited to your Canvas team beforehand.
Using the signing key your application backend can generate tokens that grant bearers permission to login to Canvas. You can use one of Canvas' to generate the tokens or use them as a guide to implement your own generation.
The key is generated using .
This payload should be using the key
portion of the signing key and a nonce