Goal: Develop a web application using ArcGIS Javascript API that has a single login experience for the end user and that enables them to edit feature layers hosted on ArcGIS Online.
Setup: We are using a closed Wordpress instance (registration is off, credentials provided to a small user group) to handle user login/logout. Some layers consumed by the application are hosted on ArcGIS Online, others are hosted on our own instance of ArcGIS Server.
Background: According to this documentation, there are two authentication options for protected layers: (1) user login, and (2) application authentication. We must use the first option because of the limitations associated with application authentication, specifically the inability to edit features.
In order to maintain our single login experience, we are trying to figure out the best way to bypass the ArcGIS Online signin dialog that is associated with user login.
Based on some research, one way to go about doing this is to (a) generate a token using a "generic AGOL user" that has access to the necessary data layers and then (b) use that token with every request of a secured layer.
We can use a post request to successfully generate this token using hard-coded credentials in a PHP file on the server. But, as this post suggests, it is unsafe to pass the token to the client, so it is best to use a proxy to do everything.
Question: We want to use the proxy service that generates a token from hard-coded AGOL credentials and then appends that token to every request to a secure layer made by our Javascript app. Are there any examples of this available for us to reference?
