I'm using OAuth to access private data on AGOL. Below is the Python code I'm running on my server:
payload = {'client_id': config.UTILISYNC_ESRI_APP_CLIENT_ID, 'refresh_token': refresh_token, 'grant_type': 'refresh_token', 'expiration': 20160}
response = requests.post(request_url, params=payload)
It executes successfully and I get a token that I can use to access the private AGOL data. However, the expiration I indicated is 2 weeks (20160), but the token expire after 30 or 40 minutes. What happens is I load the private services into my webpage using the Javascript API and the token I received from above. But after 30 or 40 minutes when I pan or zoom and the layer should be refreshed, instead I get an invalid token error on my console and the layer doesn't load.
That is why I would like to know, is there a way I can get the expiration of the token? If I could submit the token to some endpoint and discover that token will actually expire sooner, then I will preemptively refresh the token before that happens.
Also, if anyone has any ideas why my token isn't lasting 2 weeks like I think it should, that would be great to know too!
Thanks!
Matt,
All of what you are doing is already handled by the esri resource proxy and is the recommended way to work with secure services using the JS API.
GitHub - Esri/resource-proxy: Proxy files for DotNet, Java and PHP.
http://blogs.esri.com/esri/supportcenter/2015/04/07/setting-up-a-proxy/
Hey Robert,
Thanks for the quick response!
We don't currently use a resource proxy and prefer not to. It is additional code to maintain and creates additional lag for every request. Is there an AGOL endpoint we can query directly to determine the remaining life of the token?
Thanks,
Matt
Matt,
As I mentioned the proxy is esri recommended workflow. There is no code to maintain you setup the proxy and you are do verses what you are wanting to do is added code to your code base that is already handled for you by an esri recommend approach. I don't know the answer about obtaining token life as I just use a Proxy.