Hello,
I wonder if anyone has experience with OAuth authentication in ArcGIS Velocity. Or if there are any examples available.
I am trying to connect to API secured with OAuth 2.0. I choose "configure OAuth" inside HTTP Poller and define token endpoint. I provide all authentication details under POST body, but I constantly get the response that "test request failed".
I test the same connection inside Postman and there, I can get an access_token in response. Request body parameters and token URL are exactly the same.
That's why I wonder if there are any exceptions inside ArcGIS Velocity or some additional configuration one should be aware of. I would appreciate any tips.
Thank you
@Anonymous User Thanks for your question. I am happy to jump on a screen share to review your settings and take a look at the network traffic to get better understand what is going with the API. Feel free to message me directly and we can get something set up.
Hi Jeff, I'm also struggling with a similar case with setting up oAuth to get a Bearer Token for a service I'm using. I think both cases are related to CORS settings on the AGOL site?
Hi @SindreEngh1 go ahead and send me a direct message so we can set up a time to look at your configuration.
Jeff
Hi @JeffEismanGIS
Were you able to help and find the source of the problem? I too am having the same issue but there is no resolution posted here sadly.
Any help is greatly appreciated.
@RyanChase_EsriUK The issue was a http poller OAuth configuration format issue. Here is some documentation that may help. I am happy to jump on a call to look at your configuration so if you would send me a message with some times that may work.
We figured out that the issue was the response from the oAuth service, it's missing a parameter that Velocity expects, the 'Access-Control-Allow-Origin' in the header
We got the following error in the console when trying to configure the call:
Access to fetch at 'https://id.serviceprovider.no/connect/token' from origin 'https://velocity.arcgis.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Since the developer of the API did not response to our wishes to add the header parameter to the response we ended up with creating a proxy services that adds this to the header.
Workflow: Velocity calls our Proxy, the proxy calls the oAuth service, the proxy gets the response, adds the Access-Control-Allow-Origin header and then send it to Velocity. Probably not the best solution, but it works for now 😉
@SindreEngh1 Thanks for posting this
@SindreEngh1 thank you for providing the explanation - that makes sense and I can see the same issue in the console. We have used proxies a few times to deal with APIs that cannot be ingested by Velocity, mostly due to CORS.
@JeffEismanGIS - if I were to contact the the developer of my API, presuming it is similar to SindreEngh1's issue, what would I have to request? A header parameter within the response? What would that need to contain?
Thanks for your help all!
Hi @SindreEngh1 ,
Would you please share the code for the proxy, and how it works?
Would you be able to help us?
We created a feature layer in velocity, but it seems that Velocity expects a cors header not available from the us2-iot.arcgis.com domain
Access to XMLHttpRequest at 'https://us2-iot.arcgis.com/usadvanced02/0000/maps/arcgis/rest/admin/services/layer_test/FeatureServer/status?token=&f=json' from origin 'https://org.maps.arcgis.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.