Hello all,
Does anyone know how it would be possible change the appearance and behaviour of the IdentityManager? I'm making a module that in theory can be used in any application that has a map using the JavaScript API. When it connects to secured services, it is possible to let the IdentityManager work automatically. However, there are a couple things I'd like to be able to control. First, it would be ideal to change the appearance of the login prompt, so that it is clear that the login is related to the module I've created. Otherwise, users need to recognize the url displayed in the IdentityManager in order to know what credentials to input.
The other problem is how to handle HTTPS encryption of secure logins. The web page that loads the module is loaded using HTTPS, then there's no problem. But if the module I create needs to be usable within an unencrypted web page, browser security limits our options for sending/receiving data to an HTTPS service from JavaScript.
The only workaround I can think of for maintaining encryption when sending username/passwords is to securely submit the login information through HTTPS in a hidden IFRAME to a script that generates tokens on the server. The document that loads inside the iframe can then redirect to a non-encrypted location with the token in the URL, which the parent document can access. If I use this method, I can create an IdentityManager JSON object that contains the token information and call esri.id.initialize( ... ). Everything works fine at this point, using the token for secured services.
However, what should I do to deal with the expiry of tokens? Should I just create tokens with very long expiration limits, and not worry about it...or is there a way to control what the identity manager does when it comes time to refresh a token?