Leaflet Authentication Without Individual Sign In

06-23-2016 06:53 AM
New Contributor III

Hello all,

I am relatively new to programming and software development but thought this is the place to ask. I am currently developing a small app for internal use at my company and am stuck on Leaflet Authentication to access subscriber content (a layer from ArcGIS Online). My company has a  GIS personnel login for AGOL that I would like to enter into my JavaScript code so that anytime someone opens the app, it is already signed in. I am a total newb to JavaScript (this is the first time I have ever used it) but it sort of makes sense.

Can anyone provide me with a snippet of code that I can type the login information into so that it will log in upon launch?

Thanks for the help!

0 Kudos
2 Replies
Frequent Contributor

the first and easiest option for displaying ArcGIS Online content in a Leaflet application that is not shared publicly is to embed credentials directly in your javascript and fetch a token automatically.  this is an EXTREMELY bad idea because you are exposing sensitive credentials in the code that is downloaded to each and every browser that ever opens your website.

L.esri.post('https://www.arcgis.com/sharing/rest/generateToken', {
  username: 'johndoe',
  password: 'password123',
  f: 'json',
  expiration: 60,
  client: 'referer',
  referer: window.location.origin
}, callback);

complete sample: http://esri.github.io/esri-leaflet/examples/arcgis-server-auth.html

a second, more difficult, and more production appropriate option is to utilize a server side proxy to hide the username and password in code that is NOT accessible to your end users so that the proxy can broker requests to secure resources and append a token on its own.

  url: './proxy.ashx?http://services.arcgis.com/uasgdsgd/arcgis/rest/services/SelectivelyShared/FeatureServer/0'

Open Source proxies in ASP.NET, PHP and Java that we host on GitHub


Some conceptual information from the ArcGIS API for JavaScript 3.x documentation


no matter what you do, you'll need to make sure you are honoring your license agreement and making sure the private content is only accessed by the number of ArcGIS Online named users you're paying for.

Occasional Contributor


Did you end up finding a solution that worked well for you?  I'm working on a project with similar requirements.



0 Kudos