
token expiry

01-25-2018 12:01 AM
TommyKwok
New Contributor

Hi members, 

I am having the following challenge:

1. I have got a Web Application created within ArcGIS online using the AppBuilder.

2. The App is a private app, not shared to public.

3. This app will be accessible through the UI of another application (ERP)

4. I was then looking for ways to allow a token to be used as part of the URI so that anyone who has access to the application link (for internal use) will be able to use the App without needing an ArcGIS online account (as currently I cannot embed a non-public web app within an iframe).

By following the steps here (Server-based Named User Login | ArcGIS for Developers), I have been able to generate a code that can in turn be used for the exchange of a token + refresh token.

With the token, I can then inject it into the URL pointing to the web app, e.g. http://xxx.maps.arcgis.com/apps/webappviewer/index.html?id=#webappid#&token=#tokenRetreived#

By doing so, users can access this private app without needing any login.

The problem is, the token generated/refreshed seems to have a very short life (max 1800 seconds).

I have tried injecting different expiration parameter values within the address below

https://www.arcgis.com/sharing/rest/oauth2/authorize?client_id=#client_id#&response_type=code&expira...

However, it appears that the upper limit of the expiration value is 30, and any value above that will have no effect on the expiry length.

Am I doing anything wrong, or can the 1800-second limit be extended?

The use case is that the user will stay in the map for more than 5 minutes, and I cannot simply keep refreshing the map with an updated token.

Do I have to use some other method to call the Web app in order to overcome the above issue?

I hope the above makes sense.

0 Kudos
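The flow described in the post above, sketched as an added example that is not part of the original post or Esri's code: the refresh token stays on the server and a fresh access token is fetched shortly before the 1800-second lifetime runs out, then placed in the web app link. The token endpoint path, the `access_token`/`expires_in` response fields, the `EmbedTokenCache` class, the injected `post` callable and the upper-case placeholders are assumptions for illustration.

```python
import time
import urllib.parse

# Assumed token endpoint, on the same host as the authorize URL in the post.
TOKEN_URL = "https://www.arcgis.com/sharing/rest/oauth2/token"

class EmbedTokenCache:
    """Server-side cache: keeps the refresh token, hands out short-lived tokens."""

    def __init__(self, client_id, refresh_token, post, clock=time.time, margin=300):
        self.client_id = client_id
        self._refresh_token = refresh_token  # never sent to the browser
        self._post = post                    # callable(url, form_dict) -> JSON dict
        self._clock = clock
        self._margin = margin                # renew this many seconds before expiry
        self._token = None
        self._expires_at = 0.0

    def token(self):
        """Return a token with more than `margin` seconds left, refreshing if needed."""
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            reply = self._post(TOKEN_URL, {
                "client_id": self.client_id,
                "grant_type": "refresh_token",
                "refresh_token": self._refresh_token,
            })
            if "access_token" not in reply:
                raise RuntimeError("token refresh failed: %r" % reply.get("error"))
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"])
        return self._token

    def app_url(self, org_host, webapp_id):
        """Build the web app link in the form shown in the post."""
        query = urllib.parse.urlencode({"id": webapp_id, "token": self.token()})
        return "https://%s/apps/webappviewer/index.html?%s" % (org_host, query)

def demo():
    """Drive the cache with a constructed endpoint and clock; no network needed."""
    now, calls = [0.0], []
    def fake_post(url, form):                # constructed reply, 1800 s lifetime
        calls.append(form)
        return {"access_token": "tok%d" % len(calls), "expires_in": 1800}
    cache = EmbedTokenCache("CLIENT_ID", "REFRESH_TOKEN", fake_post, lambda: now[0])
    urls = []
    for t in (0, 1000, 1600):                # 1600 s falls inside the renew margin
        now[0] = t
        urls.append(cache.app_url("xxx.maps.arcgis.com", "WEBAPP_ID"))
    return urls, len(calls)
```

A link built this way still carries a token that expires on the server's schedule, so a map left open past that time is subject to the same limit the post describes.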
2 Replies
BrianWilson3
Regular Contributor

I've been waiting for this function to be fixed as well. I logged a bug about a year ago on this issue: #BUG-000112228. ESRI described it as once you change the default value, it locks to 30 minutes whether you set that or not. They said that even if you change it back it sticks with the 30 minutes. I had a script set up pointed at a service and was able to get it right on the 30 minute mark like you. ESRI has had it marked as "In Product Plan" for over half a year. I logged this in 10.6 and still see it in 10.6.1; I bet it's in 10.7. This bug has made your Portal WAB maps unusable for our purposes.

0 Kudos
BrianWilson3
Regular Contributor

Just a heads up: this appears to be fixed in 10.7.1. What they don't tell you is that you have to go into the token settings for AGS and reapply them in order to make them stick this time. I'm currently testing and am seeing tokens successfully last past 30 minutes.

0 Kudos