Sync upload errors when using token authentication

3257
8
Jump to solution
12-16-2015 04:10 PM
Highlighted
Regular Contributor

We are migrating a mobile app to client infrastructure.  The are requiring us to use a pre-generated token to access secured feature services.  No big deal, we wire up the AGSCredential object to use the provided token.  Download and test sync (with no data) works fine.

We are seeing an issue when uploading new data to sync.  It appears that the token is not being sent along with the data to the feature service's upload endpoint.  The error we are seeing is like this:

Error Domain=NSCocoaErrorDomain Code=401 "Empty username/password" UserInfo={NSURL=https://url.for.server/path/to/service/ServiceName/FeatureServer/uploads/randomUUID/uploadPart, NSLocalizedDescription=Empty username/password}

This is the same error we see when the token isn't set correctly, or the referrer URL isn't set.  Makes me think the token from the credential isn't being sent along with the upload.  I've checked the token and referrer in chrome and I can access the upload endpoint from there

This thread from over in .NET land would seem to confirm my suspicion:

GeodatabaseSyncTask + token

Divesh Goyal

Matt Cooper

Reply
0 Kudos
1 Solution

Accepted Solutions
Highlighted
Regular Contributor

uh-oh. We'll fix this.

View solution in original post

8 Replies
Highlighted
Occasional Contributor II

Are you explicitly setting the token on the sync task?

Reply
0 Kudos
Highlighted
Regular Contributor

Hi Gagandeep - thanks for jumping in on this one.

I'm using an AGSCredential object created using the following

    appDelegate.mapCredential = [[AGSCredential alloc] initWithToken:serviceToken referer:kFeatureServiceURL];

    [appDelegate.mapCredential setAuthType:AGSAuthenticationTypeToken];

Where servcieToken is a valid token and kFeatureServiceURL is the URL to the feature service rest endpoint.

As I mentioned above, this is sufficient to download an offline database, and sync the database with no new data present.  It errors out and fails when trying to upload new data.

AGSCredentials created with a username and password do not have this issue.

Reply
0 Kudos
Highlighted
Occasional Contributor II

I am assuming that you are passing this credential object with each request you are making. Is it possible for you to check if the token is actually being passed when you do a sync request with changes? Using something like Charles.

Reply
0 Kudos
Highlighted
Regular Contributor

That's right - I'm using that AGSCredentials object with my sync task

        self.gdbTask = [[AGSGDBSyncTask alloc]initWithURL:[NSURL URLWithString:kFeatureServiceURL]credential:appDelegate.mapCredential];

When I initially implemented this method I turned off all security so I could see the token being passed when the database was requested and synced.  I'll double check to see if it is being passed in the upload task.

Reply
0 Kudos
Highlighted
Regular Contributor

I turned off security and tested an upload with Charles running - it looks like the token is being sent.

Here's what Charles sees:

http://path.to.server/arcgis/rest/services/Alaska/ADFG_Subsistence/FeatureServer/uploads/i2e0c73b3-f...

So the token is being sent but for some reason it is not authenticating correctly when used with the uploadPart endpoint.

Reply
0 Kudos
Highlighted
Regular Contributor

Hmm looking at the requests being sent it appears that when I sync with new data it:

  1. Registers the upload database with the upload task (this is correctly showing the token as one of the request variables)
  2. Attempts to upload a geodatabase part.  This task includes the token in the URL, but it is not appearing as a request variable... the only variables that show up are the format (JSON), partID (0), and file name (longGUID_0.geodatabase)
Reply
0 Kudos
Highlighted
Regular Contributor

I think we figured out the issue.  For all the geodatabase tasks the system dutifully uses the token and referer as defined when initializing the AGSCredential

EXCEPT the uploadPart task

uploadPart seems to be hard coding in a referer of "arcgisios".  This of course is not the referer used to generate the token so the request fails.

If we re-generate the token to use the magic word (arcgisios) as the referer the whole thing works fine.

I'm guessing this is a left over hard-coded value from development or something, maybe something that can be fixed with an update?

Highlighted
Regular Contributor

uh-oh. We'll fix this.

View solution in original post