Invalid token (498) from Portal for ArcGIS with oauth2 app login

Question asked by valraa on Jun 27, 2018
Latest reply on Jun 28, 2018 by valraa

I am trying to implement oauth2 app login with Portal for ArcGIS 10.6 and private services.

I have an ArcGIS Server hosting these services and it is federated with the Portal.

I entered my portal with my (unique) admin user.

I created a new Web Mapping App and then registered my app URIs.

I noted down the clientID and secretID.

When I try to access a private service from this same portal, I then do via POST (everything inside <> is just for privacy obviously):

I get the token successfully in the response and so I do:

identity-manager:not-authorized You are currently signed in as: 'undefined'. You do not have access to this resource: https://geoweb.xxx.com/server/rest/services/Rete_Fognatura/MapServer

This causes the app I am using to pop up the Portal window asking for credentials.

What I have been trying so far, with no luck, is using the proxy provided by Esri (GitHub - Esri/resource-proxy: Proxy files for DotNet, Java and PHP.)

The proxy.config I am using is:

<?xml version="1.0" encoding="utf-8"?>
<ProxyConfig allowedReferers="*" mustMatch="true" xmlns="proxy.xsd">
  <serverUrls>
    <serverUrl url="https://services.arcgisonline.com" matchAll="true" xmlns="proxy.xsd" />
    <serverUrl url="https://geoweb.xxx.com" clientId="MY_CLIENT_ID" clientSecret="MY_SECRET_ID" rateLimit="600" rateLimitPeriod="60" matchAll="true" oauth2Endpoint="https://geoweb.xxx.com/portal/sharing/rest/oauth2/ " xmlns="proxy.xsd" />
  </serverUrls>
</ProxyConfig>

Finally, I just noticed in the Limitations of App Login | ArcGIS for Developers that

  • Tokens obtained by applications can only read public content and services.
  • Tokens obtained by applications may read premium content and services hosted by Esri and consume credits on behalf of the application organization.

If you want to access private content within an organization or content that has been shared with a user, you must use the named user login pattern for authentication.

Does this mean I have to use named login with private services of Portal for ArcGIS?
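
An added example, not part of the original post or of Esri's resource-proxy: a small Python audit of a proxy.config shaped like the one quoted above. The function name, the check ids and the placeholder host and credentials are assumptions made for illustration; the checks cover the settings that matter once the proxy stores a clientSecret, because with allowedReferers="*" any referring page can have the proxy attach the app token.

```python
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the shape of the config in the post
# (placeholder host and credentials; keeps the trailing space in oauth2Endpoint).
SAMPLE = """<ProxyConfig allowedReferers="*" mustMatch="true" xmlns="proxy.xsd">
  <serverUrls>
    <serverUrl url="https://services.arcgisonline.com" matchAll="true" />
    <serverUrl url="https://geoweb.example.com" clientId="PLACEHOLDER_ID"
               clientSecret="PLACEHOLDER_SECRET" matchAll="true"
               oauth2Endpoint="https://geoweb.example.com/portal/sharing/rest/oauth2/ " />
  </serverUrls>
</ProxyConfig>"""

# Attributes that make the proxy authenticate on the caller's behalf.
CRED_ATTRS = ("clientId", "clientSecret", "username", "password")


def local(tag):
    """Drop a '{namespace}' prefix so configs with or without xmlns both work."""
    return tag.rsplit("}", 1)[-1]


def audit_proxy_config(xml_text):
    """Return a list of (check_id, detail) findings for a proxy.config document."""
    root = ET.fromstring(xml_text)
    findings = []
    referers = [r.strip() for r in root.get("allowedReferers", "").split(",")]
    # mustMatch="true" restricts forwarding to the listed serverUrl entries.
    if root.get("mustMatch", "").lower() != "true":
        findings.append(("open-forwarding", "mustMatch is not true"))
    for su in (e for e in root.iter() if local(e.tag) == "serverUrl"):
        url = su.get("url", "")
        has_creds = any(su.get(a) for a in CRED_ATTRS)
        # Stored credentials plus a wildcard referer: any page can use the token.
        if has_creds and "*" in referers:
            findings.append(("wildcard-referer-with-credentials", url))
        if has_creds and not url.lower().startswith("https://"):
            findings.append(("credentials-over-plain-http", url))
        # Stray whitespace ends up inside the token request URL.
        endpoint = su.get("oauth2Endpoint")
        if endpoint is not None and endpoint != endpoint.strip():
            findings.append(("whitespace-in-oauth2Endpoint", repr(endpoint)))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit_proxy_config(SAMPLE):
        print(f"{check_id}: {detail}")
```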
