Token or Proxy for Experience Builder?

Me also expecting to do a CORS requests for APIs 

Anyone got an solution for the proxy and CORS settings during deployment?

Nothing in the documentation: https://developers.arcgis.com/experience-builder/guide/deployment-topics/

Is there still no response from Esri Experience Builder team about this.  I do not want my clients to have to log into my portal with credentials once or even twice to access an Experience Builder application using secure GIS components.  That gives them too much access power.

Hi Tom,

We have been asking this same question for awhile. Your question prompted me to look into the issue again to see if anything new is out there.

I came across this page, which I can't remember if I have seen before or not.

https://developers.arcgis.com/experience-builder/guide/install-guide/#create-client-id-using-arcgis-...

Can anyone at ESRI tell us if this will allow users to view the Dev Experience via an "on behalf" login. 

ESRI helped me to install the Experience Builder (about a year ago) and I can run things on a localhost:3001, but I am still at a loss as to how I can get this to users without prompting for a portal login - we don't want the OAUTH login to appear, we would like a seamless login.

I was playing with two proof of concepts a while back:

a) Secured content hosted on AGOL - I could get that working by editing the obfusticated code in "~\cdn\1\jimu-arcgis\index.js"

There is for sure a lot of reasons not to do this, but it was just a test if one could get it working. DONT use this for a real world scenario.

b) Secured content hosted on a Portal instance that is protected by internal Active Directory credentials.

No luck here, I gave up. We are not upgrading a WAB application to ExpBuilder yet.

At this point I would prefer to have a good document / tutorial available before I spend more time on it.