How to capture OAuth Esri code after 100.11 deprecations?

11-09-2021 02:24 PM
greg_eam
New Contributor III

I recently upgraded to the ArcGIS Runtime SDK for iOS version 100.12 from 100.9 and now my OAuth single-sign-on does not work. The OAuth sign-on view does display, but once I enter my credentials and click Sign In, I am no longer able to capture the Esri login code that I need.

I understand that these methods were deprecated in 100.11:

  • AGSApplicationDelegate.shared().application(_:open:options:)
  • AGSAuthenticationManagerDelegate wantsToShowViewController(_:viewController:) 
  • AGSAuthenticationManagerDelegate wantsToDismissViewController(_:viewController:)

However, in my AppDelegate, application(_:openUrl:Options:) is no longer called after sign-in is completed.

From what I've seen so far, it sounds like I shouldn't need to make any code changes for this to work. I feel like I am missing something. Any help would be appreciated!

Greg

0 Kudos

Accepted Solutions
greg_eam
New Contributor III

After much more research, I have found the solution to this. It turns out that I needed to use the 2nd method for implementing OAuth (register a custom URI handler) defined here. I was previously using the 1st method: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/serve...

The steps:

  1. Implement AGSAuthenticationManagerDelegate (https://developers.arcgis.com/ios/api-reference/interface_a_g_s_authentication_manager.html#a96f0b45...)
  2. Set the AGSAuthenticationManager.shared().delegate to the delegate implementation
  3. Call the Esri OAuth2 authorize endpoint (sharing/rest/oauth2/authorize) using ASWebAuthenticationSession
  4. In the callback, parse the Esri code out of the result URL
  5. Call the Esri OAuth2 token endpoint (sharing/rest/oauth2/token) using AGSRequestOperation
  6. In the callback, parse the Esri token from the response
  7. Initialize an AGSPortal and call load on it
  8. In AGSAuthenticationManagerDelegate.didReceiveAuthenticationChallenge, initialize an AGSCredential with the Esri token (https://developers.arcgis.com/ios/api-reference/interface_a_g_s_credential.html#af11a55ef3f3ae29670a...)
  9. Call continueWithCredential on the challenge object (https://developers.arcgis.com/ios/api-reference/interface_a_g_s_authentication_challenge.html#a4cac4...)
  10. Call the custom server application with the Esri code to log into custom product

0 Kudos
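Steps 3 and 4 of the accepted solution, sketched as an added example (not the poster's code and not Esri sample code). `EsriCodeFetcher`, `clientID` and `redirectURI` are hypothetical names and placeholder values; the `state` check assumes the authorize endpoint echoes that parameter back on the redirect, as standard OAuth 2.0 servers do.

```swift
import AuthenticationServices
import UIKit
// Added example. clientID and redirectURI are placeholders, and the "state"
// round-trip is an assumption based on standard OAuth 2.0 behaviour.
final class EsriCodeFetcher: NSObject, ASWebAuthenticationPresentationContextProviding {
    enum CodeError: Error { case badRequest, unexpectedRedirect, stateMismatch, missingCode }
    private var session: ASWebAuthenticationSession?   // keep a strong reference while the sheet is up
    let clientID = "YOUR_CLIENT_ID"                    // placeholder
    let redirectURI = "my-app://auth"                  // placeholder custom URI scheme

    func fetchCode(completion: @escaping (Result<String, Error>) -> Void) {
        let redirect = redirectURI
        let state = UUID().uuidString                  // one-time value tying the callback to this request
        var request = URLComponents(string: "https://www.arcgis.com/sharing/rest/oauth2/authorize")
        request?.queryItems = [
            URLQueryItem(name: "client_id", value: clientID),
            URLQueryItem(name: "response_type", value: "code"),
            URLQueryItem(name: "redirect_uri", value: redirect),
            URLQueryItem(name: "state", value: state),
        ]
        guard let url = request?.url, let scheme = URL(string: redirect)?.scheme else {
            return completion(.failure(CodeError.badRequest))
        }
        let session = ASWebAuthenticationSession(url: url, callbackURLScheme: scheme) { callback, error in
            if let error = error { return completion(.failure(error)) }   // includes user cancel
            completion(EsriCodeFetcher.parseCode(from: callback, redirectURI: redirect, expectedState: state))
        }
        session.presentationContextProvider = self
        self.session = session
        session.start()
    }
    // Accept the code only from our own redirect URI and only with the state we sent.
    static func parseCode(from callback: URL?, redirectURI: String, expectedState: String) -> Result<String, Error> {
        guard let callback = callback,
              callback.absoluteString.hasPrefix(redirectURI),
              let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems
        else { return .failure(CodeError.unexpectedRedirect) }
        guard items.first(where: { $0.name == "state" })?.value == expectedState else {
            return .failure(CodeError.stateMismatch)
        }
        guard let code = items.first(where: { $0.name == "code" })?.value, !code.isEmpty else {
            return .failure(CodeError.missingCode)
        }
        return .success(code)
    }
    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
        UIApplication.shared.windows.first(where: { $0.isKeyWindow }) ?? ASPresentationAnchor()
    }
}
```

Treat the returned code as a secret: keep it out of logs and analytics, and send it onward only over TLS.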
6 Replies
NimeshJarecha
Esri Regular Contributor

Hi Greg,

 

I would like to know and understand a few things to help you with this issue.

1. What do you mean by my OAuth single-sign-on does not work?

2. What extra code did you have in the AppDelegate's application(_:openUrl:Options:)?

3. What were you doing with the Esri login code from the delegate method?

 

Regards,

Nimesh

0 Kudos
greg_eam
New Contributor III

Hi Nimesh,

  1. By OAuth single-sign-on not working, I mean that my app's redirect URL is not getting called after Sign In is clicked on the ArcGIS login screen. This had been taking place through the AppDelegate's application(_:openURL:options) method.
  2. In this AppDelegate method, I have code that parses out the Esri login code from the provided URL.
  3. Once I have the Esri login code, I then pass it to my organization's portal which validates it and returns a login token for my app.

Thanks,

Greg

0 Kudos
greg_eam
New Contributor III

I should also mention that after I upgraded the Runtime SDK, a prompt now shows before the ArcGIS login screen appears. It warns that my app wants to use "arcgis.com" to sign in and I have to press Continue to get the ArcGIS login.

0 Kudos
NimeshJarecha
Esri Regular Contributor

Hi Greg,

 

1. Just to let you know why we deprecated those delegate methods: we were using SFSafariViewController to display the OAuth login page, which was changed to use ASWebAuthenticationSession, which does not require the AppDelegate's application(_:openUrl:Options:) to be called. You still have to set up your app to use the redirectURL, as ASWebAuthenticationSession is going to use it. Also, the additional prompt you are getting is from ASWebAuthenticationSession as well.

2. You don't need to generate a token using the Esri login code as we do it.

3. Once the AGSPortal object is loaded, you will see the access token generated using the Esri login code in AGSPortal.credential.token.

 

Hope this helps!

 

Regards,

Nimesh

0 Kudos
greg_eam
New Contributor III

Nimesh,

Thank you for this information. I did try using the AGSPortal.credential.token value to do my login and it failed. I found the following error on my app's server: "{ code: 400, message: Invalid code }".

I should clarify that I am not using the Esri login code to generate a token from Esri; I am using the Esri login code to generate a token for my own product's login. On my app's server, the Esri code I pass from iOS is validated here with a grant type of authorization code: https://www.arcgis.com/sharing/rest/oauth2

Once validated, my app's server provides its own token back to iOS so that I may log in to my app. All of this is done after the ArcGIS login succeeds.

0 Kudos