topic Re: Application OAUTH request in ArcGIS JavaScript Maps SDK Questions

Application OAUTH request

HaniHelou — Wed, 16 Apr 2014 15:56:12 GMT

Hi,

I'm new to ArcGIS and I'm trying to understand the authorization process. I will be developing code in JavaScript and I already have a developer account and an application that has a clientID and Client Secret. I won't have a specific user using the application, but rather need to allow any user do perform geocoding searches. I think this requires an App login. I'm not sure how these are used to authenticate against the ESRI system. I tried to find some examples, but can't seem to find what I need.

Any help would be greatly appreciated.

thanks
Hani

Re: Application OAUTH request

AkshayHarshe — Thu, 17 Apr 2014 21:08:20 GMT

Hi,
I am not sure if you have tried the resources page on AGS JS Documentation. That explains in depth about OAuth 2.0 and its functionality in depth. There are different ways to set up security and OAuth is one of them. Here are couple links which will explain OAuth in detail.

For Basic OAuth 2.0
https://developers.arcgis.com/javascript/jshelp/ags_secureservices.html

Further Details Regarding OAuth Authentication, User logins and App logins:
https://developers.arcgis.com/authentication/user-logins.html

Sample which uses OAuth:
https://developers.arcgis.com/javascript/jssamples/portal_oauth_inline.html

Also I will suggest keep your app Secret a SECRET. And do not give it to any one. If you give that information out it can be used anonymously and consume your credits for all the processes. So it is always better to provide User log ins when you provide any secured services.

hope this will help you to some extent.

Thanks,
--
Akshay Harshe
Technical Support Analyst
ESRI

Re: Application OAUTH request

HaniHelou — Mon, 21 Apr 2014 15:04:16 GMT

Hi,
I am not sure if you have tried the resources page on AGS JS Documentation. That explains in depth about OAuth 2.0 and its functionality in depth. There are different ways to set up security and OAuth is one of them. Here are couple links which will explain OAuth in detail.

For Basic OAuth 2.0
https://developers.arcgis.com/javascript/jshelp/ags_secureservices.html

Further Details Regarding OAuth Authentication, User logins and App logins:
https://developers.arcgis.com/authentication/user-logins.html

Sample which uses OAuth:
https://developers.arcgis.com/javascript/jssamples/portal_oauth_inline.html

Also I will suggest keep your app Secret a SECRET. And do not give it to any one. If you give that information out it can be used anonymously and consume your credits for all the processes. So it is always better to provide User log ins when you provide any secured services.

hope this will help you to some extent.

Thanks,
--
Akshay Harshe
Technical Support Analyst
ESRI

Thanks Akshay,

I understand now. To summarize:

- To enable secure application login, I need to use a proxy in my JavaScript code.
- The proxy is added using "urlUtils.addProxyRule" method.
- The proxy code can be downloaded from GitHub - https://github.com/Esri/resource-proxy/

The following URL provides more information on using a proxy:
https://developers.arcgis.com/javascript/jshelp/ags_proxy.html

I think this gives me enough to go on.

thanks
Hani

Re: Application OAUTH request

AkshayHarshe — Mon, 21 Apr 2014 15:16:19 GMT

Thats perfect Hani!

You will need a proxy for securing the app login. I think you are on a right Track!! :cool:

Akshay