JavaScript Refresh credential and prevent Identity Manager pop-up

BlairJones · ‎09-09-2014

I want to use tokens with a short expire time, generate a new token before expire, and then replace credentials for layers in a map.

My problem is how to prevent ArcGIS Identity Manager from continuing to create a pop-up requesting credentials.

I start with dom.byId('tokenText').value as a token having a short expire time. I start a JavaScript timer giving 30 seconds to create a new token.

I try to update credentials; I'm not sure I know what I'm doing... Pop-ups from Identity Manager occurs anyway.

Here is the "guts" of my work; any suggestions will be cheerfully accepted!

var tokenText,layerSource;

...

ready(function() {

function renewToken(urlOfMapService){

xhr.get({

// The URL of the request

url: "refreshToken.aspx",

// Allow 10 seconds to get new token

timeout: 10000,

// Send the existing token

content: {

token: tokenText

},

// The success callback with result from server

load: function(result) {

//--- result is a Comma Separated Value string of creatTime, expireTime, tokenText

var dataArray = result.split(',');

dataArray.push(urlOfMapService);

//--- UPDATE CREDENTIALS

initializeCredentials( dataArray );

app.map.getLayer("Warblers").credential = credential;

},

// The error handler

error: function(message) {

alert("error:"+message);

}

});

}

function initializeCredentials(a) {

//--- a is Array of creatTime, expireTime, tokenText, resourceURL

//--- call renewToken before expire

waitTime = parseInt(a[1],10)

- parseInt(a[0],10)

- 30000;

credentialsTimer = setTimeout(function(){renewToken(DGIFData)}, waitTime );

//--- fwisCredentials is a global Object variable assigned using JSON in a loaded script

tokenText = a[2];

credential = fwisCredentials.credentials[0];

credential.creationTime = a[0];

credential.expires = a[1];

credential.token = tokenText;

credential.resources.push(a[3]);

fwisCredentials.credentials = [credential];

kernel.id.initialize(fwisCredentials);

}

esri.config.defaults.io.proxyUrl = "https://my.server.com/proxypage_net/proxy.ashx";

layerSource = "https://my.server.com/arcgis/rest/services/Test/Warblers/MapServer";

//--- initial token and times are available at ready event

tokenText = dom.byId('tokenText').value;

initializeCredentials( [

dom.byId('tokenCreateTime').value,

dom.byId('tokenExpireTime').value,

tokenText,

layerSource

]);

app.map = new esri.Map("map", {

center: [-78.839150, 38.061840],

zoom: 7,

basemap: "topo",

slider: true,

showAttribution:true,

logo: false,

autoResize: true

});

//===LAYER LIST AND MAP SERVICES=======================================================================================

var layerObject = new ArcGISDynamicMapServiceLayer(layerSource,

{ id: "Warblers", opacity: .8 });

var flRegions = new FeatureLayer("https://my.server.com/arcgis/rest/services/Public/Agency_Public/FeatureServer/9", {

mode: FeatureLayer.MODE_ONDEMAND

});

app.map.addLayers([flRegions, layerObject]);

}); // ready function end

BlairJones · ‎09-11-2014

Thanks Kelly,

I have looked again at the proxy program code and I understand that the proxy is used to fetch each map tile and

a new token is created and tried when the server request returns an error.

In trying to understand ArcIS API with regard to credentials, I am trying to update within the client web page.

The "simple" solution I have found using only ArcGIS JavaScript API is to:

0) not use credential objects and not use kernel.id.initialize()

1) add a new layer

var tokenText = aGoodTokenString;

var layerObject = new ArcGISDynamicMapServiceLayer(urlOfMapService + "?token=" + tokenText

,{ id: layerID });

app.map.addLayers([layerObject]);

2) using setTimeout()

update the layer.url with a new token string:

tokenText = createNewTokenStringPrivateFunction(tokenText);

map.getLayer(layerID).url = urlOfMapService + "?token=" + tokenText;

There is already an instance of the proxy running on my ArcGIS server. I am gathering client name and password from another independent web server. The generated client web page does not have username and password to pass to the proxy.

I now have a choice to either modify the proxy for my needs, use client side JavaScript to renew the url directly, or both.

View solution in original post

KellyHutchins · ‎09-10-2014

The existing Esri/resource-proxy · GitHub handles this work for you. You just setup the proxy.config file with the url to the service along with the username and password used to generate the token. The proxy will use the provided credentials to get the token and will request a new token when needed.

BlairJones · ‎09-10-2014

Thanks for your suggestion. I understand this proxy will provide a usable token when initially adding a resource to the map object. I may be dense, but how does using this proxy prevent the Identity Manager authorization dialog from poping-up when the token expire time occurs during a client web session?

Before expire time I can use map.removeLayer() followed by map.addLayer() with a new token, but the results are ugly.

kernel.id.initialize() works similar to supplying a first token appended to the layer url, but I can find no documentation for kernel.id

I found property layer.credential in the ESRI web based API descriptions, but I find layer.credential is not assigned by map.addLayer() and anything I place into layer.credential is ignored.

KellyHutchins · ‎09-10-2014

Blair,

Let me make sure I understand your scenario. Are you currently having users log-in to your application with the Identity Manager? If so then the IM should handle getting new tokens if the existing one expires.

If you are not asking users to log-in to access secure services but are generating the token based on stored credentials the proxy will take care of generating a new token when the existing one expires.

BlairJones · ‎09-11-2014