Pages can be reached through many URLs — with and without www, with and without trailing slashes, with tracking parameters appended. Without a canonical, search engines pick one for you and the rankings can fragment across the duplicates. The <link rel="canonical" href="..."> tag in <head> (or an equivalent Link: ...; rel="canonical" HTTP header) names the version that should accumulate authority.
The canonical URL must be reachable, must be self-consistent (a page can canonicalise to itself), and should be absolute. Pointing the canonical at a page that itself canonicalises elsewhere is a chain — Google may follow it, but it weakens the signal and is worth flattening.
Most modern frameworks let you set the canonical per page. In Next.js's App Router that means metadata.alternates.canonical. Missing or incorrect canonicals are one of the most common SEO regressions after a site rebuild.