How to X-Esri-Authorization header for get request

HariKrishnaInukollu · ‎03-15-2023

Hi All, i want to hide the token passed as a query parameter in every map request. The Web App Builder application is querying arcgis portal for resources passing the token every time. I need to hide this token from the query parameter. I found that ESRi has suggested to send the token in the X-ESRI-Authorization header instead of as query parameter in the below link

[Access ArcGIS token-secured web services—ArcGIS Server Administration (Windows) | Documentation for Ar...](https://enterprise.arcgis.com/en/server/latest/administer/windows/accessing-arcgis-token-secured-web...)

Kindly let me know how to configure the JavaScript application to send the token in the X-ESRI-Authorization header instead of as query parameter.

Thanks

Hari

Omar_A · ‎04-03-2023

Hi,

Try to modify the code to include the token in the header.

for example, OAuth2 or ArcGIS token authentication, here the exmaple javascript

esriRequest(url, {
query: {
// Set any query parameters here
},
headers: {
"X-ESRI-Authorization": "Bearer " + token
}
}).then(function(response) {
// Handle the response here
}).catch(function(error) {
// Handle any errors here
});

You need to replace url with the URL of the resource you want to access, and token with the token you retrieved.

View solution in original post

Hal-AhmedShehata · ‎11-22-2023

Hi @Omar_A
I'm trying to send a request from AGOL map viewer to geoserver to bring in a WMS. My logged-in AGOL user is federated using Okta and Geoserver is also federated with the same Okta IdP instance. Is there anyway that I can send the bearer/token with the WMS request header so Geoserver can recognise it and doesn't ask for username and pass?

View solution in original post

Omar_A · ‎04-03-2023

Hi,

Try to modify the code to include the token in the header.

for example, OAuth2 or ArcGIS token authentication, here the exmaple javascript

esriRequest(url, {
query: {
// Set any query parameters here
},
headers: {
"X-ESRI-Authorization": "Bearer " + token
}
}).then(function(response) {
// Handle the response here
}).catch(function(error) {
// Handle any errors here
});

You need to replace url with the URL of the resource you want to access, and token with the token you retrieved.

Hal-AhmedShehata · ‎11-22-2023

Hi @Omar_A
I'm trying to send a request from AGOL map viewer to geoserver to bring in a WMS. My logged-in AGOL user is federated using Okta and Geoserver is also federated with the same Okta IdP instance. Is there anyway that I can send the bearer/token with the WMS request header so Geoserver can recognise it and doesn't ask for username and pass?

alegarma_dev · ‎08-12-2024

Hi,

I am Alex. I am not an expert in this but is it possible to do it with interceptors (previously with a token) with something like this:

esriConfig.request.interceptors.push({
// interceptar todas las solicitudes
urls: ["https://services5.arcgis.com/"],

before: function(params) {
console.log("Interceptando solicitud:", params.url);

// Agregar un encabezado personalizado
params.requestOptions.query = params.requestOptions.query || {};
params.requestOptions.query.token = token;
},

after: function(response) {
console.log("Interceptando respuesta:", response);

// Manejar la respuesta aquí si es necesario
return response;
},

error: function(error) {
console.error("Error en la solicitud:", error);

// Manejar errores aquí si es necesario
return Promise.reject(error);
}
});

It gives as an error:

Crossed origin request blocked. Same origin policy is not allowed in remote resources in https://services5.arcgis.com/xyzxyz/arcgis/rest/services/xyzxyzx/FeatureServer?f=json. (‘x-esri-authorization’ header not permited in header ‘Access-Control-Allow-Headers’ previous verification of CORS response).

Thank you,