OAuth2 PKCE Flow, will Portal for ArcGIS support this authentication flow?

254
1
02-12-2020 01:22 AM
MarkoReiprecht1
New Contributor

Currently Portal for ArcGIS and ArcGIS Online support the "implicite flow" for browser based logins:

Browser-based Named User Login | ArcGIS for Developers 

The implicit flow is some kind of "deprecated" and I found following recommandation:

"Public clients such as native apps and JavaScript apps should now use the authorization code flow with the PKCE extension instead."

See https://oauth.net/2/grant-types/implicit/ .

Can I expect that this more secure flow will be supported by ArcGIS Online and Portal for ArcGIS?

1 Reply
pheede-esri
Esri Contributor

Hi Marko,

ArcGIS Online added support for the Authorization Code flow with PKCE in the March 2020 update. ArcGIS Enterprise 10.8.1 will have the same support when released later this year.

Sincerely,

Philip

0 Kudos