PHPackages keith-vo-macusa/oauth2canva - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. keith-vo-macusa/oauth2canva ActiveLibrary[Authentication & Authorization](/categories/authentication) keith-vo-macusa/oauth2canva =========================== This is my package oauth2canva v1.0.1(4mo ago)1146↓100%[2 PRs](https://github.com/keith-vo-macusa/OAuth2Canva/pulls)MITPHPPHP ^8.2CI passing Since Dec 12Pushed 1mo agoCompare [ Source](https://github.com/keith-vo-macusa/OAuth2Canva)[ Packagist](https://packagist.org/packages/keith-vo-macusa/oauth2canva)[ Docs](https://github.com/keith-vo-macusa/oauth2canva)[ GitHub Sponsors](https://github.com/mac-oauth2-canva)[ RSS](/packages/keith-vo-macusa-oauth2canva/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (13)Versions (4)Used By (0) OAuth2Canva =========== [](#oauth2canva) Laravel package for integrating OAuth 2.0 with Canva Connect API. This package provides full support for OAuth 2.0 Authorization Code flow with PKCE (SHA-256) according to Canva's official documentation. [![Latest Version on Packagist](https://camo.githubusercontent.com/e32aa429cb23d62b8561745ac3dedbb0a5f6a12d298ae8bc4478d0811c4239ce/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d61632f6f617574683263616e76612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mac/oauth2canva)[![GitHub Tests Action Status](https://camo.githubusercontent.com/727545a00c89383101dee98fab356c08de609baacadec6e8fa5a30e5b5094cd6/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d61632f6f617574683263616e76612f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/mac/oauth2canva/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/5ecbd22b26b8dd016edf26679e70ef717acbc52b46d7c97d90be81e81a2bf9d8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d61632f6f617574683263616e76612f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e266c6162656c3d636f64652532307374796c65267374796c653d666c61742d737175617265)](https://github.com/mac/oauth2canva/actions?query=workflow%3A%22Fix+PHP+code+style+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/a1106659c5531e8410080aec08c40720848b0c0dbd7c619eaf699d911c46d76a/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d61632f6f617574683263616e76612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mac/oauth2canva) Features -------- [](#features) - **OAuth 2.0 Authorization Code flow with PKCE** - Full OAuth 2.0 compliance with PKCE (SHA-256) according to Canva standards - **Generate authorization URL** - Automatically generate authorization URL with PKCE parameters - **Exchange authorization code** - Exchange authorization code for access token and refresh token - **Refresh access token** - Automatically refresh token when expired - **Introspect token** - Verify token validity on the server - **Revoke token** - Revoke token when no longer needed - **Helper methods** - Convenient methods for calling Canva API - **CanvaToken Model** - Eloquent model for managing tokens with helper methods - **Custom Exceptions** - Clear error handling with custom exceptions - **Auto-refresh** - Automatically refresh token when about to expire Requirements ------------ [](#requirements) - PHP >= 8.2 - Laravel >= 11.0 or >= 12.0 Installation ------------ [](#installation) Install the package via Composer: ``` composer require mac/oauth2canva ``` Publish and run the migrations: ``` php artisan vendor:publish --tag="oauth2canva-migrations" php artisan migrate ``` Publish the config file: ``` php artisan vendor:publish --tag="oauth2canva-config" ``` Add the following environment variables to your `.env` file: ``` CANVA_CLIENT_ID=your_client_id CANVA_CLIENT_SECRET=your_client_secret CANVA_REDIRECT_URI=https://your-app.com/canva/callback CANVA_SCOPES=asset:read asset:write design:meta:read ``` The config file (`config/oauth2canva.php`) contents: ``` return [ 'client_id' => env('CANVA_CLIENT_ID'), 'client_secret' => env('CANVA_CLIENT_SECRET'), 'redirect_uri' => env('CANVA_REDIRECT_URI'), 'scopes' => env('CANVA_SCOPES', ''), 'api_base_url' => env('CANVA_API_BASE_URL', 'https://api.canva.com'), 'authorization_url' => env('CANVA_AUTHORIZATION_URL', 'https://www.canva.com/api/oauth/authorize'), 'token_url' => env('CANVA_TOKEN_URL', 'https://api.canva.com/rest/v1/oauth/token'), ]; ``` Optionally, you can publish the views using: ``` php artisan vendor:publish --tag="oauth2canva-views" ``` Documentation ------------- [](#documentation) See [USAGE.md](USAGE.md) for detailed usage instructions with complete examples. Usage ----- [](#usage) ### Step 1: Generate Authorization URL [](#step-1-generate-authorization-url) ``` use Macoauth2canva\OAuth2Canva\Facades\OAuth2Canva; // Generate authorization URL $authData = OAuth2Canva::getAuthorizationUrl(); // Store code_verifier and state in session for later use session([ 'canva_code_verifier' => $authData['code_verifier'], 'canva_state' => $authData['state'], ]); // Redirect user to authorization URL return redirect($authData['url']); ``` ### Step 2: Handle Callback [](#step-2-handle-callback) ``` use Macoauth2canva\OAuth2Canva\Facades\OAuth2Canva; use Macoauth2canva\OAuth2Canva\Models\CanvaToken; // In your callback route public function handleCallback(Request $request) { // Verify state to prevent CSRF attacks $state = $request->query('state'); if ($state !== session('canva_state')) { abort(403, 'Invalid state parameter'); } // Get authorization code $code = $request->query('code'); $codeVerifier = session('canva_code_verifier'); // Exchange code for access token $tokenData = OAuth2Canva::exchangeCodeForToken($code, $codeVerifier); // Save token to database CanvaToken::create([ 'user_id' => auth()->id(), 'access_token' => $tokenData['access_token'], 'refresh_token' => $tokenData['refresh_token'], 'expires_at' => now()->addSeconds($tokenData['expires_in']), 'scopes' => $request->query('scope'), ]); // Clear session data session()->forget(['canva_code_verifier', 'canva_state']); return redirect()->route('dashboard')->with('success', 'Successfully connected to Canva!'); } ``` ### Step 3: Use Access Token to Call API [](#step-3-use-access-token-to-call-api) ``` use Macoauth2canva\OAuth2Canva\Facades\OAuth2Canva; use Macoauth2canva\OAuth2Canva\Models\CanvaToken; // Get user's token $token = CanvaToken::forUser(auth()->id())->first(); // Automatically refresh if needed (less than 5 minutes remaining) $accessToken = $token->getValidAccessToken(); // Call Canva API $response = OAuth2Canva::makeApiRequest( 'GET', '/rest/v1/users/me', $accessToken ); $userData = $response->json(); ``` ### Additional Methods [](#additional-methods) ``` // Introspect token to check validity $tokenInfo = OAuth2Canva::introspectToken($accessToken); if ($tokenInfo['active']) { // Token is still active } // Revoke token OAuth2Canva::revokeToken($accessToken); // Or use model method $token->revoke(); // Revoke and delete from database // Check token validity if ($token->isValid()) { // Token is still valid } if ($token->isActive()) { // Token is active on server } // Generate PKCE values (if you need to create them manually) $codeVerifier = OAuth2Canva::generateCodeVerifier(); $codeChallenge = OAuth2Canva::generateCodeChallenge($codeVerifier); $state = OAuth2Canva::generateState(); ``` API Reference ------------- [](#api-reference) ### OAuth2Canva Facade [](#oauth2canva-facade) - `getAuthorizationUrl(?string $codeVerifier, ?string $state, ?string $scopes, ?string $redirectUri)`: Generate authorization URL with PKCE - `exchangeCodeForToken(string $authorizationCode, string $codeVerifier, ?string $redirectUri)`: Exchange code for token - `refreshAccessToken(string $refreshToken)`: Refresh access token - `introspectToken(string $token)`: Check token validity on server - `revokeToken(string $token)`: Revoke token - `makeApiRequest(string $method, string $endpoint, string $accessToken, array $data = [])`: Make Canva API request - `generateCodeVerifier()`: Generate code verifier for PKCE - `generateCodeChallenge(string $codeVerifier)`: Generate code challenge from code verifier - `generateState()`: Generate state parameter for CSRF protection ### CanvaToken Model [](#canvatoken-model) - `isValid()`: Check if token is still valid (based on expires\_at) - `needsRefresh()`: Check if token needs to be refreshed - `refreshIfNeeded()`: Automatically refresh if needed - `getValidAccessToken()`: Get access token, automatically refresh if needed - `revoke()`: Revoke token and delete from database - `isActive()`: Check if token is active on server - `scopeForUser($query, string $userId)`: Query scope - `scopeValid($query)`: Query scope for valid tokens Testing ------- [](#testing) Run the test suite: ``` composer test ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Contributions are welcome from the community. Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) If you discover a security vulnerability, please send an email directly to the maintainer instead of using the issue tracker. All security vulnerabilities will be promptly addressed. Credits ------- [](#credits) - [keith-vo-macusa](https://github.com/keith.vo) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [LICENSE](LICENSE.md) for more information. ### Health Score 42 — FairBetter than 90% of packages Maintenance83 Actively maintained with recent releases Popularity16 Limited adoption so far Community9 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 81.8% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 2 Last Release 146d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/2746c3d908111c0780739ae3ce84bb8e66bc7fbbad9fa548599687ba3d5cc2a7?d=identicon)[keith-vo-macusa](/maintainers/keith-vo-macusa) --- Top Contributors [![keith-vo-macusa](https://avatars.githubusercontent.com/u/211969961?v=4)](https://github.com/keith-vo-macusa "keith-vo-macusa (9 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (1 commits)") --- Tags laravelmac-oauth2-canvaoauth2canva ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/keith-vo-macusa-oauth2canva/health.svg) ``` [![Health](https://phpackages.com/badges/keith-vo-macusa-oauth2canva/health.svg)](https://phpackages.com/packages/keith-vo-macusa-oauth2canva) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[jeffgreco13/filament-breezy A custom package for Filament with login flow, profile and teams support. 1.0k1.7M41](/packages/jeffgreco13-filament-breezy)[spatie/laravel-login-link Quickly login to your local environment 4381.2M1](/packages/spatie-laravel-login-link)[ryangjchandler/laravel-cloudflare-turnstile A simple package to help integrate Cloudflare Turnstile. 438896.6k2](/packages/ryangjchandler-laravel-cloudflare-turnstile)[spatie/laravel-passkeys Use passkeys in your Laravel app 444494.4k16](/packages/spatie-laravel-passkeys) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)