The documentation is incomplete on this subject. I'll explain what I mean.
"Apps that target users who are unknown to the ArcGIS platform can authenticate with the platform on behalf of the user by using an app login."
So I go here.
It shows how I can register an app and get a client_id and client_secret.
Now what do I do with them?
"Once you have registered your application and obtained a
client_secret, you implement app login to obtain a token. The path to follow from here will depend on which SDK you choose to implement your app with."
"If you are implementing your app using one of the ArcGIS Runtime SDKs then continue with the authentication guide for your platform."
Sounds good, I'll pick Android.
That takes me back here to where I started:
So I keep reading.:
"The ArcGIS Runtime SDK provides full support for access to secured ArcGIS Server, ArcGIS Online, or ArcGIS Enterprise resources using the following authorization methods:
- ArcGIS Tokens: proprietary token-based authentication mechanism.
- OAuth 2.0: secure delegated access to server resources.
- Network credential: HTTP secured service / Integrated Windows Authentication (IWA).
- Certificate: Public Key Infrastructure (PKI)."
So which of these authorization methods uses a client_id and client_secret?
"The types of Authentication Challenge include the following:
- Username / password: Challenges needing username / password authentication.
- OAuth: Challenges needing an OAuth authorization code.
- Client Certificate: Challenges needing a client certificate to be provided.
- Secure Sockets Layer (SSL) Handshake - Challenges needing a response to certain SslError errors, usually an untrusted host due to a self-signed certificate."
I still don't see anything about using a client_id and client_secret.
Are they a username/password?
Maybe this is all obvious to the rest of you, but not to me.
It would help to have a COMPLETE EXAMPLE.