User authentication is a set of authentication workflows that allow users with an ArcGIS account to sign into an application and access ArcGIS content, services, and resources. The typical authentication protocol used is OAuth 2.0. When a user signs into an application with their ArcGIS account, an access token is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account. This authentication type was previously known as Named user login and ArcGIS identity.
User authentication provides access to secure ArcGIS services and content on behalf of a user. It offers several advantages over other types of authentication:
- Supports the secure OAuth 2.0
authorizationflow._code - Grants access to all services available to a user, including portal services and spatial analysis services.
- Bills usage to user's accounts, rather than the developer's account.
How user authentication works
The typical steps to implement user authentication are as follows:
-
Create a set of OAuth credentials in your portal and set a redirect URL.
-
Paste the
clientand redirect URL from your OAuth credentials into your application._id -
Use an ArcGIS Maps SDK or API to create an authentication manager class and prompt users to sign in.
-
Once authenticated, access the secure resources available to the signed-in user in your application.
OAuth credentials
OAuth credentials are an item used to support authentication workflows. They are required to implement user authentication and app authentication using OAuth 2.0 workflows.
User authentication flows
There are six different workflows that can be used to implement user authentication:
- Authorization code flow with PKCE
- Authorization code flow,
- Implicit flow
- Manual token generation
- HTTP/Windows/Integrated Windows Authentication
- Public key infrastructure (PKI) authentication
The flow you use will vary based on the type of application you build and client API you select.
Examples
ArcGIS APIs
If you are using one of the ArcGIS Maps SDKs, refer to that SDK's Access services with OAuth credentials tutorial to implement user authentication in your app:
- ArcGIS Maps SDK for JavaScript
- ArcGIS Maps SDK for Kotlin
- ArcGIS Maps SDK for Swift
- ArcGIS Maps SDK for Java
- ArcGIS Maps SDK for .NET
- ArcGIS Maps SDK for Qt
After you complete the OAuth 2.0 authorization process, you receive a token credential to use when accessing any content or services to which the authorized user has access. In ArcGIS Maps SDKs, the Authentication and Identity classes automatically use a token credential to securely access resources, requiring no additional actions from you.
Non-ArcGIS APIs
It is possible to implement ArcGIS user authentication with non-ArcGIS APIs, however you remain responsible to obtain, manage, and secure user credentials as a part of your application. For this method, you must implement the appropriate authentication flow for your application. The following OAuth 2.0 flows are recommended:
Limitations
Service support
The following table provides an overview of the functionality available with each type of authentication:
| API key authentication | User authentication | App authentication | |
|---|---|---|---|
| Location services | |||
| Data services (Item access) | |||
| Spatial analysis services | |||
| Portal service (General privileges) | |||
| Portal service (Admin privileges) |
Account types
User authentication is available with ArcGIS Location Platform accounts, ArcGIS Online accounts, and ArcGIS Enterprise accounts.
To create OAuth credentials with an ArcGIS Online account, your account must have a role with the Assign privileges to OAuth 2.0 applications privilege. To learn more, go to the FAQ.
Tutorials
Create OAuth credentials for user authentication
Sign in with user authentication
Create an application that requires users to sign in with an ArcGIS account.
API support
- 1. Supported via ArcGIS REST JS