How to use the X-Esri-Authorization header for a GET request

03-15-2023 02:41 PM
HariKrishnaInukollu
Emerging Contributor

Hi All, I want to hide the token passed as a query parameter in every map request. The Web App Builder application is querying the ArcGIS portal for resources, passing the token every time. I need to hide this token from the query parameter. I found that Esri has suggested sending the token in the X-ESRI-Authorization header instead of as a query parameter in the link below:

[Access ArcGIS token-secured web services—ArcGIS Server Administration (Windows) | Documentation for Ar...](https://enterprise.arcgis.com/en/server/latest/administer/windows/accessing-arcgis-token-secured-web...)

 

Kindly let me know how to configure the JavaScript application to send the token in the X-ESRI-Authorization header instead of as a query parameter.

 

Thanks

Hari

0 Kudos
2 Solutions

Accepted Solutions
Omar_A
Esri Contributor

Hi, 

Try to modify the code to include the token in the header.

For example, with OAuth2 or ArcGIS token authentication, here is the example JavaScript:

```javascript
esriRequest(url, {
  query: {
    // Set any query parameters here
  },
  headers: {
    "X-ESRI-Authorization": "Bearer " + token
  }
}).then(function(response) {
  // Handle the response here
}).catch(function(error) {
  // Handle any errors here
});
```

You need to replace url with the URL of the resource you want to access, and token with the token you retrieved.

 

0 Kudos
Hal-AhmedShehata
Occasional Contributor

Hi @Omar_A 
I'm trying to send a request from AGOL map viewer to geoserver to bring in a WMS. My logged-in AGOL user is federated using Okta and Geoserver is also federated with the same Okta IdP instance. Is there any way that I can send the bearer/token with the WMS request header so Geoserver can recognise it and doesn't ask for username and pass?

0 Kudos
alegarma_dev
Emerging Contributor

Hi,

I am Alex. I am not an expert in this but is it possible to do it with interceptors (previously with a token) with something like this:

```javascript
esriConfig.request.interceptors.push({
  // Intercept all requests
  urls: ["https://services5.arcgis.com/"],

  before: function(params) {
    console.log("Interceptando solicitud:", params.url);

    // Add a custom header
    params.requestOptions.query = params.requestOptions.query || {};
    params.requestOptions.query.token = token;
  },

  after: function(response) {
    console.log("Interceptando respuesta:", response);

    // Handle the response here if needed
    return response;
  },

  error: function(error) {
    console.error("Error en la solicitud:", error);

    // Handle errors here if needed
    return Promise.reject(error);
  }
});
```

It gives as an error:

Crossed origin request blocked. Same origin policy is not allowed in remote resources in https://services5.arcgis.com/xyzxyz/arcgis/rest/services/xyzxyzx/FeatureServer?f=json. (‘x-esri-authorization’ header not permited in header ‘Access-Control-Allow-Headers’ previous verification of CORS response).

 

Thank you,

0 Kudos
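
The following is an added example, not code from any poster in this thread or from Esri. It sketches the logic an interceptor `before` hook could use to keep the token out of the URL and attach it as `X-Esri-Authorization` only for trusted origins, plus a check that mirrors the CORS error quoted above: the browser sends the request only if the preflight response's `Access-Control-Allow-Headers` lists the header. The origin `https://gis.example.com`, the function names and all sample values are assumptions.

```javascript
// Added illustration; origins, names and sample values are constructed.
const AUTH_HEADER = "X-Esri-Authorization";

// Assumption: the only origin that should ever receive the token.
const TRUSTED_ORIGINS = ["https://gis.example.com"];

function originOf(url) {
  try {
    return new URL(url).origin;
  } catch (e) {
    return null; // relative or malformed URL: treat as untrusted
  }
}

// Body for an interceptor `before` hook: strip any token from the query
// string (so it stays out of URLs, logs and Referer headers) and send it
// in the header instead, but only to a trusted origin.
function moveTokenToHeader(params, token, trusted = TRUSTED_ORIGINS) {
  const opts = (params.requestOptions = params.requestOptions || {});
  const query = { ...(opts.query || {}) };
  delete query.token;
  opts.query = query;
  if (trusted.includes(originOf(params.url))) {
    opts.headers = { ...(opts.headers || {}), [AUTH_HEADER]: "Bearer " + token };
  }
  return params;
}

// A custom header triggers a CORS preflight (OPTIONS). Given the value of
// the Access-Control-Allow-Headers response header, decide whether the
// browser will let the real request through. "*" only counts as a
// wildcard when the request is sent without credentials.
function preflightAllows(allowHeaders, withCredentials = false, header = AUTH_HEADER) {
  if (!allowHeaders) return false;
  const allowed = allowHeaders.split(",").map((h) => h.trim().toLowerCase());
  if (allowed.includes("*") && !withCredentials) return true;
  return allowed.includes(header.toLowerCase());
}

// Wiring in the browser, using the interceptor shape shown in this thread:
// esriConfig.request.interceptors.push({
//   urls: TRUSTED_ORIGINS,
//   before: (params) => { moveTokenToHeader(params, token); }
// });
```

If `preflightAllows` returns false for the target server, the header approach cannot work from the browser until that server's CORS configuration permits the header.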