Implementing app authentication with client secret in Runtime SDK 200.7

azlotin

I have the following working Runtime SDK 100.x code implements application authentication:

ServerInfo serverInfo = new ServerInfo
{
ServerUri = new Uri(SERVER_URL),
TokenAuthenticationType = TokenAuthenticationType.OAuthClientCredentials,
OAuthClientInfo = new OAuthClientInfo { ClientId = CLIENT_ID, ClientSecret = CLIENT_SECRET, RedirectUri = new Uri(REDIRECT_URL) }
};

AuthenticationManager.Current.RegisterServer(serverInfo);
AuthenticationManager.Current.OAuthAuthorizeHandler = new OAuthAuthorize();
AuthenticationManager.Current.ChallengeHandler = new ChallengeHandler(CreateCredentialAsync);

As OAuthClientInfo is obsolete at 200.7, I have rewritten this as:

ServerInfo serverInfo = new ServerInfo(new Uri(SERVER_URL))
{
TokenAuthenticationType = TokenAuthenticationType.OAuthClientCredentials,
};

AuthenticationManager.Current.RegisterServer(serverInfo);
var userConfig = new OAuthUserConfiguration(new Uri(SERVER_URL), CLIENT_ID, new Uri(REDIRECT_URL));
AuthenticationManager.Current.OAuthUserConfigurations.Add(userConfig);
AuthenticationManager.Current.OAuthAuthorizeHandler = new OAuthAuthorize();
AuthenticationManager.Current.ChallengeHandler = new ChallengeHandler(CreateCredentialAsync);

How do I include Client Secret here so the users are not getting the authentication prompt? I understand I should be using OAuthApplicationCredential, but I cannot figure out how.

Thanks!

dotMorten_esri

To add to Preeti's answer, ALL of the above code can be replaced with

AuthenticationManager.Current.AddCredential(await OAuthApplicationCredential.CreateAsync(SERVER_URL, CLIENT_ID, CLIENT_SECRET));

When using an app credential added up front, there's no need for messing with server infos, oauth configs, credential callbacks etc. Just the above line before accessing your server.

View solution in original post

PreetiMaske

Here is the detailed blog post that explain usage of new auth APIs and how to best use them

https://www.esri.com/arcgis-blog/products/sdk-net/developers/new-auth-apis-for-dotnet-sdk

Please give this a read, especially `Configuring OAuth` section that particularly talks about OAuth. For OAuth app authentication, pass client ID and client secret directly to OAuthApplicationCredential.CreateAsync.

Hope this helps,

Thanks

dotMorten_esri

To add to Preeti's answer, ALL of the above code can be replaced with

AuthenticationManager.Current.AddCredential(await OAuthApplicationCredential.CreateAsync(SERVER_URL, CLIENT_ID, CLIENT_SECRET));

When using an app credential added up front, there's no need for messing with server infos, oauth configs, credential callbacks etc. Just the above line before accessing your server.

azlotin

Thank you both for the prompt answers!