My organization is working on an app using the JS API that would allow other organizations to view their private content from ArcGIS Online on a map within our application. We plan to surface private content via REST endpoint URLs that originate in the user's ArcGIS Online account. We do not want the user to have to use a login screen to access the private content; rather, we'd like the user to be able to give their username/password somewhere in our app's settings beforehand, and then automatically see their private content when accessing the map. I've been working through the IdentityManager documentation to find a way to surface private content on maps without prompting the user with a login screen, and have come to the solution below that passes username and password to get an ArcGIS token, and then registering the token and adding the private feature layer to the map if the there is a token response. I was wondering whether anyone could comment on whether this looks like a valid approach and whether it's within TOU for the JS API - I find the documentation around authentication a bit confusing, so just looking for a sanity check 🙂 thanks!!
var tokenUrl = "https://www.arcgis.com/sharing/generateToken"
var requestParams = {
method: "post",
query: {
f:"json",
username: 'USERNAME',
password: 'PASSWORD',
referer: window.location.origin
}
};
esriRequest(tokenUrl, requestParams).then(response => {
var token = response.data.token
esriId.registerToken({
server: "https://www.arcgis.com/sharing/rest",
token: token
});
if (response)
var privateLayer = new FeatureLayer({
url: "PRIVATE LAYER URL"
});
map.add(privateLayer);
}
})
Solved! Go to Solution.
Never got a response to this specific question, but we ended up using the OAuth2.0 functionality available in the API (https://developers.arcgis.com/javascript/latest/api-reference/esri-identity-IdentityManager.html). The user still has to sign in sometimes, but they can stay signed in, and this way OAuth is handling credentials for us (rather than us having to store them somewhere).
I'm looking to do the same thing. Did you figure it out?
Never got a response to this specific question, but we ended up using the OAuth2.0 functionality available in the API (https://developers.arcgis.com/javascript/latest/api-reference/esri-identity-IdentityManager.html). The user still has to sign in sometimes, but they can stay signed in, and this way OAuth is handling credentials for us (rather than us having to store them somewhere).
That's understandable, I think having the user log in is the way Esri generally intends it to work. We didn't want the users to have direct access to the content in ArcGIS Enterprise, only through our custom application, so we went with the method in your original post and it works too. We store the credentials on the app server and use them to generate a token, the use the esriId.registerToken workflow. It works in development, but we haven't put it into production yet.
Thanks!
I provided some additional options in a post recently.