If you're creating an app via canva.cn, redirect users to the canva.cn domain instead of canva.com.
A token that Canva provides to the app at the start of the authentication flow. The app must return this token to Canva at the end of the authentication flow. This protects the app against Cross-Site Request Forgery (CSRF) attacks.
If true, Canva closes the authentication pop-up window and reloads the app. If false, Canva closes the authentication pop-up window and displays an error.