We're trying to implement automatic renewal of OAuth 2.0 access tokens for existing layers in our application using the ArcGIS Maps SDK for JavaScript.
We have a server-side application that issues new tokens on request using OAuth 2.0 app authentication (client credentials flow), so that we don't have to expose the client secret to the browser/client. These tokens are issued with a 2-hour validity. We then create layers that use these tokens to authenticate directly against ArcGIS Location Platform.
The problem: if the application runs for longer than 2 hours and the session is still active, we want to refresh the tokens automatically so the layers keep working.
What we've tried so far:
- Updating the layer's apiKey property — the old token is still used in subsequent requests, so the new token doesn't take effect.
- Using IdentityManager with registerToken() — this doesn't allow us to use different tokens within the same application, because the service URLs can be identical (the credential is matched by URL, so we can't register more than one token for the same endpoint).
Ideally we would like to avoid destroying and recreating the Layers to refresh the token.
Has anyone solved a similar problem, or is there official guidance on the recommended approach?
Thanks in advance
