OAuth 2 in Web AppBuilder app

Hi Robert,

I wanted to say that I developed the app using the version of Web AppBuilder that is embedded in Portal, downloaded it, hosted it in IIS and then registered it in Portal.

Sit Sit,

  I have to say that I have never come across someone wanting to do what you are doing. Normally if you are going to host the app on your own server that you would start building the app using WAB Developer and then download and deploy. Downloading from Portal and then deploying means that all your code is minified. Is your web map and data that the app is using shared publicly?

Robert, we have to host the app on our server because we want to call it from another app using a more user friendy URL. I thought that using the Web AppBuilder embedded in Portal was the normal workflow, but I understand that having to do with minified code is a pain.

I will follow your suggestion and restart from the scratches with Web AppBuilder for developer.

Is your web map and data that the app is using shared publicly?

No, all of our data is hosted in ArcGIS server using secured services.

When a user tries to view our app, he is redirected to the Portal standard login page, with all the links (home, gallery, map, scene, group) in the high part of the page and the OAuth form in the middle. I would like to show him only the OAuth form, so that he doesn't get confused.

Did you have tried to use the Proxy resource available at this link?

GitHub - EsriCanada/proxy-oauth: Modified proxy to support AGOL app logins. 

I develop one application using this proxy and works just like you need with 'WAB'. Need some configurations but works fine in my case.

Hi Rafael, thanks for the suggestion. I am working on it, but it keeps redirecting me to the normal Portal authentication page. I suppose that I am missing something in the proxy configuration... Can you please give me some directions?

Do you register  the application with portal and get the APPID and set inside config.json? 
Important to set de security parameters with portal to allow access origin from the url used by the deployed application.

How was this parameters inside your config.json? (see the screenshot).

Yes, I have got it.

I will list all of the changes that I made to the files:

- In the app config.json:

"portalUrl": "https://myorganizationsite/arcgis",

"appId": "111111111111111",

"httpProxy": {

      "useProxy": true,

      "alwaysUseProxy": false,

      "url": "",

      "rules": [

        {
            "urlPrefix": "https://myorganizationsite/arcgis/sharing",
            "proxyUrl": "https://myorganizationsite/proxy-oauth/proxy.ashx"
         },
         {
            "urlPrefix": "https://myorganizationsite/arcgis/rest",
            "proxyUrl": "https://myorganizationsite/proxy-oauth/proxy.ashx"
         }
   ]

}

(I followed this guide: Setting up a proxy with Web AppBuilder Developer Edition | Support Services Blog 

I also tried with

"alwaysUseProxy": true,

"url": "https://myorganizationsite/proxy-oauth/proxy.ashx",

"rules" : []

without luck.)

- in the proxy Web.config:

<appSettings>
      <add key="permitted_referer" value="https://myorganizationsite/*"/>
      <!-- appid's and secrets-->
      <add key="111111111111111111" value="22222222222222222222222222222"/>
      <add key="your_appid" value="your_secret"/>
</appSettings>

in the proxy proxy.config:

<serverUrl url="https://myorganizationsite/arcgis/sharing/generateToken"
matchAll="true"></serverUrl>

Anyway I think that I missed something, because these parameters should grant me direct access to the app, avoiding the login prompt... But it pops-up anyway.