Our application runs a containerized celery/redis parallelized process that creates a token by the parent container that is used for child containers. This token is what we use to instantiate our GIS connection. Because each container spins up to do a short-ish task, we don't want to create a new connection and get a new token every time a container arises, and the parent process can run for over our default token expiration time, so we have to manually request a token longer than 24 hours. Our call is this:
gis = GIS(portal_url, token=prod_token)
layer = gis.content.search(layerid)
The strange thing is I've tried the pip versions 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, and 1.8.5.post3 and they all have the line commented out that would pass the token from the arcgis._con.token to the request. If I manually edit the arcgis/features/layer.py line to remove the comment, it's able to add the layer, and I can manually add the layer through the UI, so it's not a permissions issue. We could conceivably open the layer permissions for global edit access, but that seems like a bad idea.
Here's the offending line from 1.8.2, which appears to have been changed on 1.8.3, because it was working last week in 1.8.3
return self._con.post(path=edit_url, postdata=params)#, token=self._token)
If someone could please uncomment the token from this line so I can build, or explain another method of using the token, that would be great.