OAuth SSO with Canvas LMS as IdP

Problem statement

I want to achieve SSO between Auth0 and Canvas LMS, with Canvas as the IdP using an OIDC/OAuth2 flow.

Solution

Canvas can be used as an IdP for Auth0 users through a Custom OAuth2 connection.

Canvas’ documentation on their OAuth2 endpoints is here:

Your connection’s fetch profile script will need to call this Canvas endpoint with the access token provided from the login to get the logged-in user’s email, name, profile picture, etc.:

e.g.

  • the authorization URL:
    https://[target Canvas domain here]/login/oauth2/auth

  • token endpoint:
    https://[target Canvas domain here]/login/oauth2/token

  • retrieve user profile:
    https://[target Canvas domain here]/api/v1/users/${context.user.id}/profile

If you need to be able to support multiple Canvas instances, a separate connection is needed for each instance.
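A sketch of the fetch profile script described above, as an added example and not Auth0's or Canvas's own code. It assumes the Canvas token response is exposed as context.user (as the profile URL above implies) and that the profile JSON carries id, name, primary_email and avatar_url; canvas.example.edu, makeFetchUserProfile, httpGet and stubGet are hypothetical names, with httpGet standing in for whatever HTTP client the script environment provides.

```javascript
// Added example. httpGet(url, headers, done) is an assumed wrapper around the
// available HTTP client; it calls done(err, statusCode, bodyText).
function makeFetchUserProfile(canvasDomain, httpGet) {
  return function fetchUserProfile(accessToken, context, callback) {
    // The user id is interpolated into the URL path, so accept only a plain
    // decimal id and reject anything that could alter the path.
    const id = context && context.user && String(context.user.id);
    if (!id || !/^[0-9]+$/.test(id)) {
      return callback(new Error('Canvas token response has no numeric user.id'));
    }
    // One connection pins one Canvas domain (one connection per instance).
    const url = `https://${canvasDomain}/api/v1/users/${id}/profile`;
    // Send the token in the Authorization header, never in the query string.
    httpGet(url, { Authorization: `Bearer ${accessToken}` }, (err, status, body) => {
      if (err) return callback(err);
      if (status !== 200) {
        return callback(new Error(`Canvas profile request failed: ${status}`));
      }
      let p;
      try { p = JSON.parse(body); } catch (e) {
        return callback(new Error('Canvas profile response is not JSON'));
      }
      // The profile must belong to the user the token was issued for.
      if (String(p.id) !== id) return callback(new Error('Canvas profile id mismatch'));
      callback(null, {
        user_id: id,
        name: p.name,
        email: p.primary_email,
        picture: p.avatar_url
      });
    });
  };
}

// Constructed sample response and stub client so the example runs offline.
const seen = [];
function stubGet(url, headers, done) {
  seen.push({ url, headers });
  done(null, 200, JSON.stringify({ id: 42, name: 'Sample Student',
    primary_email: 'student@example.edu',
    avatar_url: 'https://canvas.example.edu/avatar.png' }));
}

const demo = makeFetchUserProfile('canvas.example.edu', stubGet);
demo('constructed-token', { user: { id: 42 } }, (err, profile) => {
  console.log(err ? err.message : profile);
});
```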