We’re making a small change to how access token expiry is handled for apps which use the OAuth integration in the Apps SDK.
Canva will now use a default expiry of 90 days if your identity provider (IdP) doesn’t return the expires_in field as part of its access token success response.
-
If your configured IdP returns the
expires_infield, your app is not affected by this change. -
If your configured IdP doesn’t return the
expires_infield, your app may be affected by this change. Please note the following:-
If the access tokens issued by your app’s IdP expire earlier than 90 days, then nothing changes for your app. When the current token expires, you must continue use
forceRefreshingetAccessTokento retrieve a new access token. -
If the tokens expire later than 90 days, then Canva will attempt to refresh the token if your app uses
getAccessTokenafter this time.-
If the refresh is successful, the new access token will be returned to your app.
-
If there is no refresh token or the refresh is unsuccessful, the user will need to re-authenticate.
-
-
Note that the duration of the default expiry may change at any time, so please ensure that your app does not depend on its duration.