We have been encountering some odd sync issues with Collector (iOS) that appear to be related to a user's credentials.
Several of our web maps contain secure ArcGIS Server (10.3.1) services. Our ArcGIS Server site is secured using Windows users with AGS built-in roles. Our department requires that a user's password be updated every six months.
We have observed that if a user has downloaded a web map, collected some data, and then tries to synchronize edits after changing their password, they will receive a prompt from ArcGIS Server for their credentials. These prompts will persist, even after the user inputs their credentials (updated password as well as old password, if they remember it). It appears that Collector is looking for the password used to download the data, which has expired, whereas ArcGIS Server is looking for the user's current (updated) password. Unfortunately, this causes an endless cycle that eventually prompts us to manually recover the data from the user's device.
To avoid this issue, we have been messaging out to our end users that they need to synchronize any pending edits as well as remove the download features, prior to updating their password. At which point, they can re-download the features.
A similar situation has occurred with our other ArcGIS Server (10.3.1) environment that is secured using AGS built-in users and roles. In this situation, we have users who forget to synchronize their edits prior to signing out and handing over a shared device to one of their colleagues. When this second user tries to synchronize their edits, they are prompted for credentials. The only problem is that this prompt is actually for the first user's credentials, which is not apparent to the second user, and so the second user will enter their credentials. In order to resolve this, the first user must log back in, synchronize their edits, sign out and then hand over the device back to the second user, so that they can synchronize their edits.
So, I guess my question is, does Collector preserve/maintain the user credentials that were used to download the data and if so, must these credentials match those on the server-side in order to synchronize? I believe this is the case, because I observed the same token returned in the generateToken request being passed for the createReplica and submitJob requests. I just imagine that this is further complicated with the addition of token expiration.
Thank you in advance for the help!