https://community.esri.com/t5/arcgis-enterprise-questions/support-the-oauth2-0-token-exchange-grant-type/m-p/1602768#M41963 <P>Hello,</P><P>Just wondering is there is any plan to extend a bit the scope of OAuth to support non interactive login and ease integration of a small map components into more complex web application or micro services architecture ?</P><P>I found a couple of threads asking for that but it seems to me they did not catch the deserved attention as they did not get any reply which is generally not a good sign...</P><P><A href="https://community.esri.com/t5/arcgis-online-questions/access-organization-resource-programmatically/m-p/1600638#M64193" target="_blank" rel="noopener">https://community.esri.com/t5/arcgis-online-questions/access-organization-resource-programmatically/m-p/1600638#M64193</A></P><P><A href="https://community.esri.com/t5/arcgis-enterprise-ideas/support-the-oauth2-0-token-exchange-grant-type/idi-p/1341294" target="_blank" rel="noopener">https://community.esri.com/t5/arcgis-enterprise-ideas/support-the-oauth2-0-token-exchange-grant-type/idi-p/1341294</A></P><P>What is ESRI's point of view on this request ? Is there anything wrong with this method and your authorization scheme ?</P><P>In your documentation, you are pushing for OAuth2.0 to be used:</P><P><A href="https://developers.arcgis.com/documentation/security-and-authentication/user-authentication/flows/generate-token-flow/" target="_blank" rel="noopener">https://developers.arcgis.com/documentation/security-and-authentication/user-authentication/flows/generate-token-flow/</A></P><P>Allowing token_exchange would I think, prevent some complex architecture leveraging `generate-token-flow` to bypass this limitation.</P><P>Thanks for listening,</P> Fri, 04 Apr 2025 14:30:46 GMT NicolasGIS 2025-04-04T14:30:46Z https://community.esri.com/t5/arcgis-enterprise-questions/support-the-oauth2-0-token-exchange-grant-type/m-p/1602768#M41963 <P>Hello,</P><P>Just wondering is there is any plan to extend a bit the scope of OAuth to support non interactive login and ease integration of a small map components into more complex web application or micro services architecture ?</P><P>I found a couple of threads asking for that but it seems to me they did not catch the deserved attention as they did not get any reply which is generally not a good sign...</P><P><A href="https://community.esri.com/t5/arcgis-online-questions/access-organization-resource-programmatically/m-p/1600638#M64193" target="_blank" rel="noopener">https://community.esri.com/t5/arcgis-online-questions/access-organization-resource-programmatically/m-p/1600638#M64193</A></P><P><A href="https://community.esri.com/t5/arcgis-enterprise-ideas/support-the-oauth2-0-token-exchange-grant-type/idi-p/1341294" target="_blank" rel="noopener">https://community.esri.com/t5/arcgis-enterprise-ideas/support-the-oauth2-0-token-exchange-grant-type/idi-p/1341294</A></P><P>What is ESRI's point of view on this request ? Is there anything wrong with this method and your authorization scheme ?</P><P>In your documentation, you are pushing for OAuth2.0 to be used:</P><P><A href="https://developers.arcgis.com/documentation/security-and-authentication/user-authentication/flows/generate-token-flow/" target="_blank" rel="noopener">https://developers.arcgis.com/documentation/security-and-authentication/user-authentication/flows/generate-token-flow/</A></P><P>Allowing token_exchange would I think, prevent some complex architecture leveraging `generate-token-flow` to bypass this limitation.</P><P>Thanks for listening,</P> Fri, 04 Apr 2025 14:30:46 GMT https://community.esri.com/t5/arcgis-enterprise-questions/support-the-oauth2-0-token-exchange-grant-type/m-p/1602768#M41963 NicolasGIS 2025-04-04T14:30:46Z