Force.com Canvas Flashcards
What is Force.com Canvas?
An integration framework for integrating external web applications within a Salesforce org.
Works with any web-enabled application that uses https.
Places an application within Chatter tab or a VF page
Admin can determine who can access the app.
Should be defined within the Connected Apps framework
Communication can happen either with http post or get. post is more secure as it does not have query parameters.
Force.com Canvas SDK can be used to access the Salesforce data layer
How does Canvas overcome same origin policy?
Using Force.com Canvas SDK.
When a user navigates to the Canvas app either in the chatter tab or vf page, the external page from the external server is loaded. This page can then use the canvas sdk.
This is an AJAX based toolkit that can call the Salesforce API.
What are the OAuth setting/policy options for a canvas app?
Admin-approved users are pre-authorized
All users may self-authorize
What are the access methods for Canvas app?
- Signed Request
Default authentication method. Uses HTTP Post. Must use the ‘Admin-approved users are pre-authorized’ OAuth policy. Less chatty across the network. Preferred method. - OAuth
External app is responsible for initiating the flow. Salesforce perform an HTTP Get to invoke the canvas app. Supports Web server flow and user agent flow. Can use either of the OAuth policies.
What are the three javascript interfaces provided by the Canvas SDK?
sfdc. canvas
sfdc. canvas.context
sfdc. canvas.oauth
What does the context object include?
Context object can be retrieved from the CanvasRequest object. It contains:
- Application
- Environment
- Links
- Organization
- User
How can canvas apps from multiple domains communicate with each other?
sfdc.canvas.client methods enable this through events.
publish
subscribe
unsubscribe