While implementing Login From App Canvas as described here I encountered some problems. I think the solution I've found should be described in the Troubleshooting section. The main problem is that if Canvas or Page Tab URL has a trailing slash then web server performs a 301 redirect and the POST'ed signed_request is lost. Also I think that Route::match(['get', 'post'] is wrong (and in my case it was misleading) because both Canvas and PageTab helpers will always obtain null access token from a GET request. It should be Route::post in both examples.

Hey @SammyK! Thanks, I'm glad my contribution was useful! Ok, I reverted the route back to both POST and GET. However, I still think it's not a very good solution. I believe that for the situation you described a much better approach would be to create a separate GET route without CanvasHelper token validation logic in it, rather then combine both POST and GET in a single route. But that's just my opinion. :)