Select to view content in your preferred language

Invalid token (498) from Portal for ArcGIS with oauth2 app login

4068
2
06-27-2018 08:04 AM
AlessandroValra
Frequent Contributor

I am trying to implement oauth2 app login with Portal for ArcGIS 10.6 and private services.

I have a ArcGIS Server hosting these services and it is federated with the Portal.

I enetered my portal with my (unique) admin user.

I created a new Web Mapping App and then registered my app URIs.

I noted down the clientID and secretID.

When I try to access a private service from this same portal, I then do via POST (everything inside <> is just for privacy obviously):

I get the token succesfully in the response and so I do:

identity-manager:not-authorized You are currently signed in as: 'undefined'. You do not have access to this resource: https://geoweb.xxx.com/server/rest/services/Rete_Fognatura/MapServer

This causes the app I am using to pops up the Portal window asking for credentials.

What I have been trying so far, with no luck using the proxy provided by Esri (GitHub - Esri/resource-proxy: Proxy files for DotNet, Java and PHP. )

The proxy.config I am using is:

<?xml version="1.0" encoding="utf-8"?>

<ProxyConfig allowedReferers="*" mustMatch="true" xmlns="proxy.xsd">

  <serverUrls>

    <serverUrl url="https://services.arcgisonline.com" matchAll="true" xmlns="proxy.xsd" />

    <serverUrl url="https://geoweb.xxx.com" clientId="MY_CLIENT_ID" clientSecret="MY_SECRET_ID" rateLimit="600" rateLimitPeriod="60" matchAll="true" oauth2Endpoint="https://geoweb.xxx.com/portal/sharing/rest/oauth2/ " xmlns="proxy.xsd" />

  </serverUrls>

</ProxyConfig>

Finally, I just noticed in the Limitations of App Login | ArcGIS for Developers  that

  • Tokens obtained by applications can only read public content and services.
  • Tokens obtained by applications may read premium content and services hosted by Esri and consume credits on behalf of the application organization.

If you want to access private content within an organization or content that has been shared with a user, you must use the named user login pattern for authentication.

Does this mean I have to use named login with private services of Portal for ArcGIS?

0 Kudos
2 Replies
AlessandroValra
Frequent Contributor

I found this 2014's post with this answer from an Esri person:

In answer to this your application will only be able to read content owned by the same user that created the app.

So it looks that it is possible to use app login in my case.

I do have an app created with the only (admin) user of my portal and I am trying to access private content published on the same portal by the same user.

Can anybody help me solving this issue please?

RobertDriessen1
Occasional Contributor

Hello Allesandro

 

I am having the same problem as you.  Have you managed to solve the problem?

 

Rob

0 Kudos