So we implemented a server-side token generator, since our app users don't have (and shouldn't) a ArcGIS Online account, only the server through a client_id and client_secret.
But I couldn't find a way to authenticate through the JS API using only a token or setting a custom getToken
function.
I tried to simply add the token to the layer url, but it opened the login popup :
const testLayer = new FeatureLayer({ url: "https://services3.arcgis.com/.../ArcGIS/rest/services/.../FeatureServer/0?token=..." });
Ideally I also want the Javascript to able to access an ArcGIS Online item using only the token, for example a web map JSON.
Using ArcGIS Javascript API 4
The IdentityManager handles authentication in the JavaScript API. You can register a token using this method
Do I need to automatically refresh it? The token comes from a proxy server. I don't understand how to set a custom refresh token function
You would need to refresh the token when it expires. You could create a long term token so that the switch happens less frequently.
Yes its no problem for me to make a custom refreshToken function, I was just wondering if it the IdentityManager tries to update it automatically? Because that would give an error
Have you looked into the Esri resource proxy? It does all of the authenticating for you, and works for your use case (accessing secured resources without logging in)
Is it possible to register multiple tokens by calling registerToken() multiple times with different server urls? Will the IdentityManager then know when service enpoints get which tokens based on server url?
As Ben Elan suggested, using the Esri proxy is probably the easiest way to approach this.