I want to be able to bypass the login screen that is shown when trying to view private layers on a map using the JS API. I've found this solution using application credentials that works using client_id and client_secret after registering an application:
var url = "https://www.arcgis.com/sharing/rest/oauth2/token";
var token = "";
esriRequest(url, {
query: {
client_id: "CLIENT_ID",
client_secret: "CLIENT_SECRET",
grant_type: "client_credentials"
},
method: "post"
})
.then((response) => {
token = response.data.access_token;
esriId.registerToken({
server: "https://www.arcgis.com/sharing/rest",
token: token
})
})
.catch((err) => {
if (err.name === 'AbortError') {
console.log('Request aborted');
} else {
console.error('Error encountered', err);
}
});
...but after checking here (https://developers.arcgis.com/documentation/security-and-authentication/other-authentication-methods... I'm unclear whether I'd be within the terms of use using this method. I see that under limitations I'm directed to use ArcGIS Identity to access private content, but that link details a method that requires login, which is what I'm trying to avoid (though I haven't tested the workflow that is described there). Can anyone verify whether the method above is within terms of use for the JS API? Thanks so much in advance.
Unfortunately, what you are describing is likely a violation of the terms of use...
If you are hardcoding a single user's credentials in an application that multiple people will use to access private content, then that will be a violation of the Arcgis.com Terms of Use.
See section 2.5:
https://www.arcgis.com/home/termsofuse.html