I'm currently working on building a widget within the ESRI Experience Builder. After successfully authenticating and receiving an access token from ESRI, I've encountered an obstacle when attempting to exchange this token for a token on my authorization server.
The challenge arises because the token received from ESRI is not a JWT, but rather needs to be an id token for the token exchange process to proceed smoothly.
Has anyone encountered a similar issue and successfully resolved it? I'm seeking guidance on how to generate a token suitable for exchange or if there's documentation available outlining the token exchange process specifically for the ESRI Experience Builder.
I'm curious how this manifests.
For me if I'm not authenticated into local developer Exb I have to authenticate (for us its through a domain, but it could be with user and password), but if after loading, a map, or data source is protected, EXB may prompt again and sometimes this is because the layers are on different servers with different permissions.
Are you seeing a second prompt after EXB loads for the app dashboard or app itself? Or is it an additional prompt before Exb Loading?
It's not an additional prompt in its current state. Though, I haven't yet implemented it in EXB end-to-end, so a lot of this is just seeing if it's possible to use the token exchange with my auth server. Currently, I'm using the access token generated when logging into EXB the first time.