My question involves both Javascript and Python, so I'll post in both forums.
I'm developing an API for custom geoprocessing tasks done in Python, and I'm trying to use AGOL Oauth2 authentication to authorize users to using my API.
Here's the flow :
1) User a custom WebAppBuilder application, and logs in via his AGOL Organization
2) Custom Javascript code makes a requests to the custom API and appends a Token
3) Python then makes a request to verify if this token is valid.
My problem here is with steps 1 and 2, 2 being the related to this forum.
Pseudo example of python API:
def authenticate(request):
token = request.token
valid = arcpy.isAuthenticated(token)
if valid:
return Response.ok()
return Response.fail()
All I need is to Authorize the token, NOT Authenticate.
I just need the OAuth server to tell me this Token is valid and not expired.
Or I'm also open to other suggestions to implement authorization in my API without requesting user credentials (as he already is logged in)