Say I have a secure feature service published from an on premise ArcGIS Server, that I then have added as an item to an AGOL account with stored credentials. i.e. I can sign in to AGOL, and I can now add that as a layer into a web map and do not need to enter credentials.
Now I want an app to be able to sign into AGOL and load that feature service/item (whether directly or via a web map) into a map such that I can edit it, and even generate an offline geodatabase from it.
Obviously the key here is that I want the user to log in with their AGOL account and not have to enter any credentials for the feature service, rather let AGOL handle that using the stored credentials.
Any suggestions on how I should be approaching this? Sample code in any of the templates?
I have never actually tried this but it's something I'd like to be able to do, too. I was thinking that in theory once the user is authenticated to AGOL (example code is in "Sign in OAuth2") then any requests to the registered feature service item's REST endpoint would include the user's AGOL identity, and as long as the registered feature service item is shared with a Group to which the user belongs there would be no need to re-enter credentials. Like I said, I never actually tried it but that's how I was going to approach it.
I think I've figured it out...
I examined the json data for the portal item created when I added the feature service to AGOL. I noticed there was an 'url' and a 'sourceurl' attribute. The 'sourceurl' attribute was the url of the feature service that I added, and the 'url' was one generated by AGOL. I realized that it must create a proxy endpoint.
I was able to take this AGOL generated endpoint and insert it into my app, sign in to AGOL and access the feature service without entering any other credentials. Fiddler only registered traffic to and from AGOL, which is what I want. Only catch was to delay creation of the GeodatabaseFeatureServiceTable until the sign-in was complete. I haven't tested taking that offline yet.
I assume the extension of that is to dynamically read the json of a webmap, crawl the layers and those urls and load them as necessary. For a specific project you probably don't need to do this and can just hard code the endpoint if it is unlikely to change.
I think the Quartz release will have some new methods which make it easier to load webmaps and take them offline.
Hope this helps, and if anyone else with more experience has any tips, please chime in.