Share OAuth Access Token server-side & client-side?

GavinHarriss · ‎12-12-2017

We're authenticating against ArcGIS Portal from an ASP.NET MVC web application using Owin.Security.Providers.ArcGISPortal.

For the page that shows the webmap we'd like to re-use the server-side obtained access token, rather than requiring the user to login a 2nd time with the same credentials using the ArcGIS API for JavaScript 3.22.

Is there anyway to achieve this?

Following the linked example found through the documentation for esri.IdentityManager.registerToken(), I've tried the following method to share the access token:

var credentialsJSON = {
serverInfos: [{
server: "https://[HOST]",
tokenServiceUrl: "https://[HOST]/arcgis/tokens/",
adminTokenServiceUrl: "https://[HOST]/arcgis/admin/generateToken",
shortLivedTokenValidity: 1800,
currentVersion: 10.5,
hasServer: true
}],
oAuthInfos: [],
credentials: [{
userId: user.userId,
server: "https://[HOST]/arcgis",
token: user.userAccessToken,
expires: user.userAccessTokenExpiry,
validity: 1800,
isAdmin: false,
ssl: false,
creationTime: user.userAccessTokenIssued,
scope: "server"
}]
};
esriId.initialize(credentialsJSON);

But I'm still not getting access to the webmap. I see a html login modal over the empty map div with the title "Please sign in to access the item on https://[HOST]/arcgis (b11824af61df463586dad40d1df7abbd)".

In the console log I see the following message logged:

dojo.io.script error Error: You do not have permissions to access this resource or perform this operation.
at Object.g.load (init.js:984)
at init.js:87
at c (init.js:103)
at d (init.js:103)
at a.Deferred.resolve.callback (init.js:105)
at c (init.js:104)
at d (init.js:103)
at a.Deferred.resolve.callback (init.js:105)
at init.js:999
at n (init.js:107)

and for the network request to

https://[HOST]/arcgis/sharing/rest/content/items/b11824af61df463586dad40d1df7abbd?f=json&callback=do...

I see the following response:

dojo.io.script.jsonp_dojoIoScript1._jsonpCallback({"error":{"code":403,"messageCode":"GWM_0003","message":"You do not have permissions to access this resource or perform this operation.","details":[]}});