app login and private content

1862
2
10-20-2016 12:42 PM
JoshuaDonato1
Deactivated User

I am trying to set up authentication for an app but I am not sure what I am trying to do is possible. The app will be used by users "who are unknown to the ArcGIS platform" so I need to implement an "app login". However, the service to be accessed will need to be private because of confidentiality concerns. From what I have read in the developer docs it sounds like this combination is not possible. I tried to put together some code to try anyhow. If what I am trying is not possible, some alternate ideas would be greatly appreciated. I assume the "easiest" route would be, since I need to keep the service private, to make the individuals using the app ArcGIS Online users. The issue is I do not know who these individuals will be and they will likely change. The "users" will be truck drivers that will carrying the devices in their trucks to record when they enter certain locations.

What I have done so far:

1. Published a server with two layers (0: points, 1: polygons) which functions as expected.
2. Registered an app on developers.arcgis.com and acquired the Client ID and Client Secret.
3. Created a new role ("ThisRole") on ArcGIS Server Manager and added my username as a member (will have to change that at some point).
4. Made the service private and added "ThisRole" as the allowed role.
5. Added the code below to implement "app login".
6. Created a simple app to perform a QueryTask on a layer in the service to see if the app could acquire access.
7. Ran the app with the service public. QueryTask returned with correct query result.
8. Ran the app, multiple times, with the service private. QueryTask result was null.


I have tried several variations of the code below. I am not completely sure which parameters are required and, for some, what the parameter value actually needs to be or where the value comes from. For example, I may be mixing user and app login parameters. I have been using the following resources:

https://developers.arcgis.com/qt/qml/guide/use-oauth-2-0-authentication.htm
https://developers.arcgis.com/authentication/accessing-arcgis-online-services/


App Code:

import QtQuick 2.3
import QtQuick.Controls 1.2
import ArcGIS.Runtime 10.26

ApplicationWindow {
id: appWindow
width: 800
height: 600
title: "authentication"

property string urlPolygonLayer: "url/to/feature/service/layer"

UserCredentials {
id: credentials
oAuthClientInfo: OAuthClientInfo {
clientId: "client_id_from_registered_app"
clientSecret: "client_secret_from_registered_app"
oAuthMode: Enums.OAuthModeApp
}
}

Connections {
target: ArcGISRuntime.identityManager

onOAuthCodeRequired: {
console.log("onOAuthCodeRequired signal")


// ????? Not sure what authCode and authorizationUrl need to be. Tried a few times but no luck.


// Access URL in the authorizationUrl property to obtain auth code
var authCode = …

// apply the auth code to the identity manager
ArcGISRuntime.identityManager.setOAuthCodeForUrl(authorizationUrl, authCode)
}
}

QueryTask {
id: queryTask
url: urlPolygonLayer

onQueryTaskStatusChanged: {
console.log("onQueryTaskStatusChanged signal")

if (queryResult === null) {
console.log("Query result is null.")
} else {
console.log("Query result length: " + queryResult.graphics.length)
}
}
}

Query {
id: query
where: "1=1"
}

Component.onCompleted: {

// Add the credentials to the identity manager

// ????? Not sure what "some_url" is supposed to be here. I have used "https://domain.com/arcgis/rest"
ArcGISRuntime.identityManager.setCredential(
credentials, some_url)

queryTask.execute(query)
}
}

0 Kudos
2 Replies
EricBader
Honored Contributor

Yes, this is doable. You might be missing one thing: you'll need to create a Service Proxy URL for your app login to use, instead of directly going to the private service endpoint.

Working with Proxy Services | ArcGIS for Developers - this may be a helpful resource for you to get started setting up a proxy, in this case.

Hope this helps.

0 Kudos
AkashJain1
New Contributor

Eric, I have same question and I believe OP is correct. App login does not work with private content . 

Limitations of App Login | ArcGIS for Developers 

Currently ArcGIS Online does not provide a way to share Web Maps/Apps with external clients (non-AGO users) without sharing the content with Everyone. This is a much needed feature and has already been requested by many: https://community.esri.com/ideas/11655-client-facing-password-for-shared-apps .

I could not find a work around for this and will really appreciate if you can share how to make this happen. 

0 Kudos