+ Start a Discussion
PFL AdministratorPFL Administrator 

Canvas App Winter 16 issue

We have a Canvas connected app that is using the Web Server OAuth flow.  This is working for all of our clients except for one who is in version winter 16 beta and Performance Edition in their sandbox.  We have “Admin approved users are pre-authorized”.  However for this client we are getting an error from the RemoteAccessAuthorizationPage.apexp (see the ConsoleLog.png), it is refusing to display because of the x-frame-options.  It is our understanding that with the pre-authorized OAuth setting, this page does not need to display, but simply redirect back to our Canvas app.  If we open the RemoteAccessAuthorizationPage in another window (outside the iframe), we see the see the page in the attached RequestingPermission.png image.  We are presuming this is the page users would see if the OAuth setting was “All users may self-authorize”.  After clickin “allow” on this page, our Canvas app authorizes and loads.  We want to help this customer use our app.  Can you tell us why this is not working and how to fix it?  Is there an additional setting needs to be tweak for this version?
User-added image 
User-added image
A second issue is that the request to our Canvas app from all installed instances comes from a URL host ending with “visual.force.com”.  From this customer the URL host is “cvent--pcopy.cs21.my.salesforce.com” which does not end with “visual.force.com”.  Why is that?
Gordon Engel 7Gordon Engel 7
The answer to your second question is (probably) that the end user has purchased a "My Domain", which changes the domain name and URL format. 

See: https://help.salesforce.com/apex/HTViewHelpDoc?id=domain_name_app_url_changes.htm&language=en_US
PFL AdministratorPFL Administrator
I'm not sure this holds true.  I signed up for a trial version of Winter '16, and have received a URL that enged in salesforce.com and not visual.force.com
Gordon Engel 7Gordon Engel 7
Regarding the first question, can you review the following workaround?

http://salesforce.stackexchange.com/questions/91586/oauth-from-vf-page-in-new-lightning-cannot-redirect-vf-page-to-login-salesforc
 
Gordon Engel 7Gordon Engel 7
My previous reply doesn't address the OAuth problem, just the redirect in an iframe.  I'm still researching.
jhurstjhurst

PFL Administrator,

You mention in the original post "we have “Admin approved users are pre-authorized”".  This setting is a per org option.  So, when your customers install the app, they have to make sure that they have approved the app for their users.  This is not new to the Winter 16 release.

The behavior you describe happens when the app is not pre approved.  In this case, since you have set the access method as OAuth, it is up to your app to manage the flow.  Part of the management is that you do not try to embed the autorization page in an iframe where it will be blocked.  Instead, you would have to use a pop-up display as is outlined in the canvas docs.

Hope this helps.
Jay 

PFL AdministratorPFL Administrator
Thanks for everyone's response.  We are going to look at the workaround, but the real concern is that we have had no issues with this functionality on the summer '15 and previous releases.  Our clients that have been upgraded are now seeing this issue.  Given that nothing has changed on our side, I am lead to believe that a change in functionality with the Winter '16 release is causing this new behavior.  Can anyone shed any light on this aspect?
jhurstjhurst
If the issue is that the app is trying to embed the salesforce OAuth page (whihc is what I believe is happening) then this would have existed since canvas was released.  It should be very easy to test though.  If you install the package into a Summer 16 release and set the approval settings to "All users may self-authoprize" you should see the same issue,
Parin BhallaParin Bhalla
Hi , I am doing canvas integration for Oracle Incentive Comp Screen Plugin In SFDC VF Page Using connected app Web Flow Get access method. However I am unable to determine how exactly OAUTH will be handled and screen can be displayed in SFDC. I have checked on with various article's and implementation guide for CANVAS,But could not find anything substantial. I will really appreciate if you could guide me with any documentation or piece of code which could help me understand what i need to do next.