I am trying to implement oauth2 app login with Portal for ArcGIS 10.6 and private services.
I have an ArcGIS Server hosting these services and it is federated with the Portal.
I entered my portal with my (unique) admin user.
I created a new Web Mapping App and then registered my app URIs.
I noted down the clientID and secretID.
When I try to access a private service from this same portal, I then do via POST (everything inside <> is just for privacy obviously):
I get the token successfully in the response and so I do:
identity-manager:not-authorized You are currently signed in as: 'undefined'. You do not have access to this resource: https://geoweb.xxx.com/server/rest/services/Rete_Fognatura/MapServer
This causes the app I am using to pop up the Portal window asking for credentials.
What I have been trying so far, with no luck, is using the proxy provided by Esri (GitHub - Esri/resource-proxy: Proxy files for DotNet, Java and PHP.)
The proxy.config I am using is:
<?xml version="1.0" encoding="utf-8"?>
<ProxyConfig allowedReferers="*" mustMatch="true" xmlns="proxy.xsd">
  <serverUrls>
    <serverUrl url="https://services.arcgisonline.com" matchAll="true" xmlns="proxy.xsd" />
    <serverUrl url="https://geoweb.xxx.com" clientId="MY_CLIENT_ID" clientSecret="MY_SECRET_ID" rateLimit="600" rateLimitPeriod="60" matchAll="true" oauth2Endpoint="https://geoweb.xxx.com/portal/sharing/rest/oauth2/ " xmlns="proxy.xsd" />
  </serverUrls>
</ProxyConfig>
Finally, I just noticed in the Limitations of App Login | ArcGIS for Developers that
- Tokens obtained by applications can only read public content and services.
- Tokens obtained by applications may read premium content and services hosted by Esri and consume credits on behalf of the application organization.
If you want to access private content within an organization or content that has been shared with a user, you must use the named user login pattern for authentication.
Does this mean I have to use named login with private services of Portal for ArcGIS?
I found this 2014 post with this answer from an Esri person:
In answer to this your application will only be able to read content owned by the same user that created the app.
So it looks like it is possible to use app login in my case.
I do have an app created with the only (admin) user of my portal and I am trying to access private content published on the same portal by the same user.
Can anybody help me solve this issue please?
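
Added example (not part of the original post and not Esri's code): a small Python lint for a resource-proxy proxy.config like the one posted above. It flags a wildcard allowedReferers alongside a stored clientSecret, mustMatch not set to true, stray whitespace in url/oauth2Endpoint values (the posted oauth2Endpoint ends in a space) and non-HTTPS endpoints. The host geoweb.example.com, the finding codes and the function names are assumptions for illustration, and the lint does not diagnose the not-authorized error itself.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the post's proxy.config (placeholder host and credentials).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<ProxyConfig allowedReferers="*" mustMatch="true" xmlns="proxy.xsd">
  <serverUrls>
    <serverUrl url="https://services.arcgisonline.com" matchAll="true" />
    <serverUrl url="https://geoweb.example.com" clientId="MY_CLIENT_ID"
               clientSecret="MY_SECRET_ID" matchAll="true"
               oauth2Endpoint="https://geoweb.example.com/portal/sharing/rest/oauth2/ " />
  </serverUrls>
</ProxyConfig>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree adds because of xmlns="proxy.xsd"."""
    return tag.rsplit("}", 1)[-1]


def lint_proxy_config(xml_text):
    """Return (code, message) findings for a proxy.config document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    entries = [e for e in root.iter() if local(e.tag) == "serverUrl"]
    findings = []
    # allowedReferers is a comma-separated list; '*' accepts any referring page.
    referers = [r.strip() for r in root.get("allowedReferers", "").split(",")]
    if "*" in referers and any(e.get("clientSecret") for e in entries):
        findings.append(("OPEN_REFERERS",
                         "allowedReferers is '*' while an entry holds a clientSecret"))
    if root.get("mustMatch", "").strip().lower() != "true":
        findings.append(("OPEN_PROXY", "mustMatch is not 'true'"))
    for e in entries:
        for attr in ("url", "oauth2Endpoint"):
            value = e.get(attr)
            if value is None:
                continue
            if value != value.strip():
                findings.append(("WHITESPACE", f"{attr}={value!r} has stray whitespace"))
            if e.get("clientSecret") and not value.strip().lower().startswith("https://"):
                findings.append(("NOT_HTTPS", f"{attr}={value!r} sends credentials without TLS"))
    return findings


if __name__ == "__main__":
    for code, message in lint_proxy_config(SAMPLE):
        print(f"{code}: {message}")
```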