Anyone successfully built a reverse proxy to pass secret credentials to client side?

1075
2
04-06-2024 04:23 PM
RoderickPerendy
Regular Contributor

Hello all,

I hosting arcgis experience builder apps on an azure web app service. I have a custom widget that requires passing client id and client secrets to an API to bring in weather data. I'm trying my best to avoid storing these client side and so I created an azure keyvault and have registered by web app to read key vault secrets and utilize our active directory for authentication. 

However, azure identity really only works server side so I installed the necessary libraries server side, made a new koa middleware and then bootstrapped the server to apply the new middleware before running the server. 

I'm doing all of this in containers and it boots up, however now my custom widgets don't load. 

koa middlewares are really new to me. 

I'm wondering if anyone has any success stories on this front. 

Thank You!

0 Kudos
2 Replies
RyanDickinson1
Regular Contributor

I'm not sure this fits your scenario or which environment you're using (Enterprise or AGOL) but you can embed credentials in services. Could you perhaps use a rest url from the api and embed the credentials in the Portal/AGOL item similarly to how you did it the key vault?

0 Kudos
RoderickPerendy
Regular Contributor

Hey Ryan, 

Unfortunately the embed credentials really only works for services that exist in the ArcGIS Ecosystem. This is an external API used to fetch weather data. I have to first supply a client id and secret in order to get an authorization token and then pass this along using geo coordinates to get forecasted data. 

0 Kudos