AnsweredAssumed Answered

token expiry

Question asked by tommykwok630dev on Jan 25, 2018
Latest reply on Apr 15, 2019 by bwilsonmgist

Hi members, 

I am having the following challenge

1. I have got a Web Application created within ArcGIS online using the AppBuilder.

2. The App is a private app, not shared to public.

3. This app will be accessible through the UI of another application (ERP)

4. I was then looking for ways to allow token to be used as part of the URI so that any one that have access to the application link (for internal use) will be able to use the App without needing an ArcGIS online account (as currently I cannot embed a non-public web app within an iframe).


By following the steps here, I have been able to generate a code that in turn be used for the exchange of a token + refresh token. Server-based Named User Login | ArcGIS for Developers 


With the token, I can then injected it into the url pointing to the web app e.g.

By doing so, user can access this private app without needing any login.


Problem is, the token generated/refreshed seems to have a very short live (max 1800 seconds).

I have tried injecting different expiration parameter value within the address below


However it appears that the upper limit of the expiration value is 30, and any value above that will have no effect to the expiry length.


Am I doing anything wrong or if the 1800 seconds limit can be extended?

The usage case is that, the user will stay in the map for more than 5 minutes, and I cannot simply keep refreshing the map with an updated token.


Do I have to use some other method to call the Web app in order to over come the above issue.


I hope the above make senses.