Hi, if I have a webmap host in our portal server, and it is protected by user id and password, how can I embedded the credential into the javascript when open the map or what is the best way to do since I don't want user to enter the portal user id and password?
Is this on your own network using IWA or PKI?
This page discusses the various ArcGIS security scenarios.
https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/
If it's a public app, but the data is protected via sharing to your ArcGIS Online org, you need to use OAuth, so they have to log in at some point, but the credentials would be saved in the browser so they don't have to log in again until it expires.