Select to view content in your preferred language

Token Request Fail

4198
8
Jump to solution
05-19-2021 01:37 PM
LeeIrminger
Occasional Contributor

Needing to use IdentityManager to generate and register a token so that a secure feature layer located in Portal can be added. I'm doing my best to follow the documentation and referencing examples that I've seen posted here. The token request is failing- please see below for the section of code and the error message, please let me know if you have suggestions. I am new to javascript and the api. Thank you!

 

// Add Server Info
        var serverInfo = new ServerInfo();
        serverInfo.server = "https://x.y.z.com/webadaptor1/rest/services/";
        serverInfo.tokenServiceUrl = "https://x.y.z.com/portal/sharing/rest/generateToken";
        serverInfo.hasPortal = true;
        esriId.registerServers([serverInfo]);
        var userInfo  = {username:"xyz",password:"xyxpw""client": "referer""referer": document.URL};
// Generate Token
        esriId.generateToken(serverInfo,userInfo).then(function(data){
          var tokenValue = data.token;
          esriId.registerToken({
            server:"https://x.y.z.com/webadaptor1/rest/services/",
            token:tokenValue
        });
// Add Layer
          var featurelayer = new FeatureLayer("https://x.y.z.com/webadaptor/rest/services/folder/feature/MapServer/3")
          map.addLayer(featurelayer);
        },function(error){
          console.error(error);
        });

Failure message:


k {name: 'request:server', details: {…}, message: 'Unable to generate token.'}

arg0:k {name: 'request:server', details: {…}, message: 'Unable to generate token.'}

details:{url: 'https://x.y.z.com/portal/sharing/rest/generateToken', requestOptions: {…}, getHeader: ƒ, ssl: false, httpStatus: 400, …}

getHeader:R=>S.headers.get(R)

httpStatus:400

messageCode:undefined

messages:(1) [''referer' must be specified.']

requestOptions:{query: {…}, method: 'post', authMode: 'anonymous', useProxy: false, signal: undefined}

ssl:false

subCode:undefined

url:'https://x.y.z.com/portal/sharing/rest/generateToken'

__proto__:Object

message:'Unable to generate token.'

name:'request:server'

0 Kudos
1 Solution

Accepted Solutions
BenElan
Esri Contributor

Unfortunately it is not possible to generate a token without user credentials. To hide credentials you can skip the token generation part and just register a token in your app. You can then use a crontab (or Task Scheduler for Windows) to replace the token before it expires.

An alternative that I recommend is re-adding the service to your Portal and storing the credentials there. You can then limit access to your application for the new item. Here is some documentation for that workflow. The documentation mentions ArcGIS Online but it works in Portal as well.

 

View solution in original post

8 Replies
BenElan
Esri Contributor

Here is a sample for generating and registering a token. Change the portalUrl, serviceUrl, username, and password variables to values for your environment.

LeeIrminger
Occasional Contributor

Hi Ben!

Thank you. Is it possible to have it generate a token without passing the username and password through? Can you use a shared key? Or can the username and password be obscured and not exposed in some other way? Can you use a proxy?

0 Kudos
BenElan
Esri Contributor

Unfortunately it is not possible to generate a token without user credentials. To hide credentials you can skip the token generation part and just register a token in your app. You can then use a crontab (or Task Scheduler for Windows) to replace the token before it expires.

An alternative that I recommend is re-adding the service to your Portal and storing the credentials there. You can then limit access to your application for the new item. Here is some documentation for that workflow. The documentation mentions ArcGIS Online but it works in Portal as well.

 

LeeIrminger
Occasional Contributor

Hi Ben, I've tried implementing the solution linked to in the documentation. I can run a HTML file with the javascript code (creating the map and adding the secondary layer with stored credentials) in my local machine's browser, but I am unable to successfully test restricting access. Do you have any suggestions as to what the referrer should be listed as to work with this on my local machine? 

0 Kudos
BenElan
Esri Contributor

The referrer needs to be the URL for the application you are hosting. It will not work when opening the file on your local machine. You will need a web server or to run it on a port on your localhost. You can serve your html file using node as a possible solution.

const http = require('http')
const fs = require('fs')

const server = http.createServer((req, res) => {
  res.writeHead(200, { 'content-type': 'text/html' })
  fs.createReadStream('index.html').pipe(res)
})

server.listen(process.env.PORT || 3000)

Then you would add 'http://localhost:3000' as the referrer to restrict usage.

BenElan
Esri Contributor

Hi Leelrminger,

Were you able to resolve the issue? If so can you please mark an answer as the solution so others can find it in the future?

Thanks

0 Kudos
tigerwoulds
Frequent Contributor

May be useful:

For whatever reason, generating tokens only works for us when using Built In portal account. If we're using another IDP like Active Directory or Azure Active directory then we cant generate an arcgis token using those IDP accounts. 

ahagopian_coj
Regular Contributor

I  know your post is a bit old but do you know if this is still the case?  We are having sync issues in our Workforce where it won't be able to get a token when the user is on the app trying to sync assignments. I am wondering if this is tied to Active Directory.

0 Kudos