Select to view content in your preferred language

Authorize token without user password

03-01-2019 09:25 AM
New Contributor III

My question involves both Javascript and Python, so I'll post in both forums.

I'm developing an API for custom geoprocessing tasks done in Python, and I'm trying to use AGOL Oauth2 authentication to authorize users to using my API.

Here's the flow :

1) User a custom WebAppBuilder application, and logs in via his AGOL Organization

2) Custom Javascript code makes a requests to the custom API and appends a Token

3) Python then makes a request to verify if this token is valid.

My problem here is with steps 1 and 2, 2 being the related to this forum.

Pseudo example  of python API:

def authenticate(request):
  token = request.token #Or whatever other information is necessary
  valid = arcpy.isAuthenticated(token) #Just a pseudo example
  if valid:
    return Response.ok()

All I need is to Authorize the token, NOT  Authenticate.

I just need the OAuth server to tell me this Token is valid and not expired.

Or I'm also open to other suggestions to implement authorization in my API without requesting user credentials (as he already is logged in)

0 Kudos
0 Replies