Successful authentication directly returns a JSON response containing the access token that allows the application to work with resources that are accessible to the application (that is, have been shared with the application). Use of the client_secret as shown above is mandatory.
But i am unable to access a feature service shared with my organization using the app login workflow, does anyone know how to "share an item with the application"? the owner of the application has access to the item and anyone in the organization has access to it, but with the app login i am unable to access it. This seems like an issue on esri's side, because i see the oauth2 functions trying to generate the token to access the shared feature service and it does generate the token but it still does not have access to that feature service (this is not the token used to do the app login).
Is the feature service owned by the same user as the application owner?
If used to access hosted services, the service(s) must be owned by the user accessing it, (with the exception of credit-based esri services, e.g. routing, geoenrichment, etc.) source
