I'm messing around with securing my services and plan on putting in place token-based authentication for our JS API application. I'm just trying to get a handle on what tokens do and how they work. I have made a user in our ArcGIS server, assigned it the "User" role, and have set one service to only allow access by logged in users that are part of the "user" role. I went to generate a token at https://domain.com/serverName/tokens and filled that out to generate the token. I filled out the HTTP referer field as www.domain.com with the domain our JS API web app sits on.
Now, when I try to access that service via the rest endpoint with the token, I get taken to a login page. Isn't the token supposed to automatically log me in and give me access to the service? If not, how is the token doing anything different than just going to services page and hitting "Login"?
This is how I'm trying to access the service with the generated token:
Am I misunderstanding what tokens do?