Hi everyone,
We're running into issues trying to implement the Authorization Code Flow for user authentication in our custom web application using the ArcGIS Maps SDK for JavaScript (4.x). We are following the official documentation, specifically: https://developers.arcgis.com/documentation/security-and-authentication/user-authentication/flows/au...
We are trying to implement the full two-step process—receiving the authorization code and manually exchanging it for an access_token—because we need to manage the user session and token refresh on our backend (Node.js/C#/etc.) rather than relying solely on the client-side IdentityManager's implicit flow.
Specific Requests
Working Server-Side Exchange Sample: Does anyone have a fully functional, complete, end-to-end sample project (ideally on GitHub or a code sandbox) that demonstrates the server-side exchange of the authorization code for an access token using a standard web framework (e.g., Node.js/Express, Python/Flask, etc.)?
Registering Server-Side Tokens with IdentityManager: We also need a clear code sample demonstrating how to take a token received from our server and correctly register it with the IdentityManager on the client-side. We're using IdentityManager.registerToken() but are unsure if we're configuring it correctly for ArcGIS Enterprise.
🚧What We've Tried/Our Setup
To help with troubleshooting, here is our current setup and the problem we are encountering:
SDK Version: ArcGIS Maps SDK for JavaScript (4.x)
Authentication Flow: Authorization Code Flow with PKCE
The Problem: The client-side part of our application is failing when we try to register the token we get back from our server. We are receiving a TypeError: Cannot read properties of undefined (reading 'toLowerCase') error in the browser console. This error occurs specifically when we try to load a secured layer after receiving the token.
This seems to indicate that one of the parameters we are passing to a Maps SDK function, likely IdentityManager.registerToken(), is not available, or there is some kind of timing issue.
🌐ArcGIS Online vs. ArcGIS Enterprise
We have a key observation that might point to a specific Enterprise configuration issue:
We have been able to get this entire process working successfully when authenticating against ArcGIS Online.
However, the same code and process fails when we attempt it against our on-premise ArcGIS Enterprise portal, even after trying multiple user accounts.
Any guidance, links to working code, or insight into common pitfalls when manually implementing the token exchange with ArcGIS Online/Enterprise would be greatly appreciated!
Thanks in advance!
