I'm having difficulties with the MapViewer template and secured services.
I created a new app from the MapViewer template. I enabled secure sign-in in the settings, then started up the app and signed in. I chose a secured web map from the Gallery and opened it. As soon as I try to pan/zoom the map, I get a pop up that says "This request needs to be made over https". I inspected the web traffic in Fiddler, and I can see the app hit the feature service url in ArcGIS Online, which returns a 'token required' and that the "owningSystemUrl" is http://www.ArcGIS.com. The next request is to http://www.arcgis.com/sharing/rest/oauth2/token which fails with the message in the popup of the app, that the request needs to be made over https.
The only thing I could think to check was in the AGOL org settings, and for the org I had signed into, the admin setting to 'Allow access to the organization through only' was unchecked. I enabled that, and tried again. I got the same result, but with a slightly different message: "Request not made over ssl". I noted that in Fiddler, the token request was again using http, even though the "owningSystemUrl" in the previous step had changed to https.
My question here is why does it attempt to make that request over http instead of https? I thought that the platform would always make token requests (especially to ArcGIS Online) via https by default?