OAuth SSO with Canvas LMS as IdP
This article explains how to configure Single Sign-On (SSO) between Auth0 and Canvas LMS using an OIDC/OAuth2 flow with Canvas acting as the Identity Provider (IdP).
- Canvas LMS as IdP
Canvas can be used as an IdP for Auth0 users through a Custom OAuth2 connection. Refer to Connect Apps to Generic OAuth2 Authorization Servers for details. Canvas' documentation on its OAuth2 endpoints can be found here: OAuth2 Flow
The connection's fetch profile script needs to call the Canvas profile endpoint listed below, using the access token returned by the login, to get the logged-in user's email, name, profile picture, etc.
For example:
- The authorization URL will be something like: https://[target Canvas domain here]/login/oauth2/auth
- The token endpoint will be: https://[target Canvas domain here]/login/oauth2/token
- The profile will be retrieved from: https://[target Canvas domain here]/api/v1/users/${context.user.id}/profile
If multiple Canvas instances need to be supported, a separate connection will be required for each instance.
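The profile fetch described above, as an added example (not Auth0's or Canvas' own code) with the checks a fetch profile script should make before trusting the response. Assumptions: the domain `canvas.example.edu`, the injected `httpGet` wrapper, and the Canvas profile field names `primary_email` and `avatar_url`.

```javascript
// Added example: CANVAS_DOMAIN is a placeholder and httpGet(options, cb) is a
// hypothetical HTTP wrapper whose callback receives (err, response, body).
const CANVAS_DOMAIN = 'canvas.example.edu'; // placeholder; one per connection

function makeFetchUserProfile(canvasDomain, httpGet) {
  return function fetchUserProfile(accessToken, context, cb) {
    // The user id from the token response is interpolated into the profile URL.
    const id = context && context.user && context.user.id;
    // Accept only a positive decimal integer so nothing else reaches the URL path.
    const okType = typeof id === 'number' || typeof id === 'string';
    if (!okType || !/^[1-9][0-9]*$/.test(String(id))) {
      return cb(new Error('Token response did not contain a numeric user id'));
    }
    httpGet({
      url: `https://${canvasDomain}/api/v1/users/${id}/profile`,
      // Send the token in the Authorization header rather than the query
      // string so it stays out of URLs and access logs.
      headers: { Authorization: `Bearer ${accessToken}` },
    }, (err, resp, body) => {
      if (err) return cb(err);
      if (!resp || resp.statusCode !== 200) {
        return cb(new Error(`Canvas profile request failed: ${resp && resp.statusCode}`));
      }
      let p;
      try {
        p = typeof body === 'string' ? JSON.parse(body) : body;
      } catch (e) {
        return cb(new Error('Canvas profile response was not JSON'));
      }
      // The profile must describe the same user the token was issued for.
      if (!p || String(p.id) !== String(id)) {
        return cb(new Error('Profile id does not match token user id'));
      }
      cb(null, {
        user_id: String(p.id),
        name: p.name,
        email: p.primary_email,  // field name assumed from Canvas' Profile object
        picture: p.avatar_url,   // field name assumed from Canvas' Profile object
        email_verified: false,   // this example asserts nothing about verification
      });
    });
  };
}
```

Because the domain is fixed when the function is built, each Canvas instance gets its own script and its own connection.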