I am working off this example code to build my app
https://github.com/Esri/arcgis-runtime-samples-dotnet/blob/main/src/WPF/ArcGISRuntime.WPF.Viewer/Sam...
https://github.com/Esri/arcgis-runtime-samples-dotnet/blob/main/src/WPF/ArcGISRuntime.WPF.Viewer/Hel...
This code pops up an arcgis online login screen to authenticate the user. Instead I want to supply it with a RefreshToken that I got elsewhere (specifically I have a web site which also authenticates to Arcgis online's OAuth login system. My app is paired with the website using my own mechanism to link the two and share data between them. My goal is to not require the user to keep logging into Arcgis whenever they view a map (which this example seems to do) and minimise the number of logins full stop.
This answer seem to describe a scheme that would work in the Javascript library, but I cannot find the registerToken method in C#
https://community.esri.com/t5/arcgis-api-for-javascript-questions/how-to-authenticate-using-only-a-t...
Solved! Go to Solution.
I've asked our internal security guild for some guidance, but my initial concern with this approach would be that it may go against the OAuth 2 spec, perhaps conflicting here: OAuth 2.0 Security Best Current Practice (ietf.org) ?
A bit of looking through examples and reading the docs implies that
OAuthTokenCredential oauth2Token = new OAuthTokenCredential(new Uri(url), access_token); AuthenticationManager.Current.AddCredential(oauth2Token);
Would prevent the OAuth2 windows from popping up in the above case if I had a valid access_token for it. Is this correct?
I've asked our internal security guild for some guidance, but my initial concern with this approach would be that it may go against the OAuth 2 spec, perhaps conflicting here: OAuth 2.0 Security Best Current Practice (ietf.org) ?