OAuth credentials (for user authentication)

OAuth credentials are an item used to support authentication workflows. They are required to implement user authentication and app authentication using OAuth 2.0 workflows.

Most user authentication flows require a valid client_id from a set of OAuth credentials. They also require a redirect URI to be configured in the OAuth credential settings.

Create OAuth credentials (for user authentication)

The steps to create OAuth credentials with an ArcGIS Location Platform account are:

Sign in to your ArcGIS portal.
Click Content > My content > New item and select Developer credentials.
Im the Credential types menu, select OAuth credentials.
Add a redirect URL and click Next.
In the Privileges and Grant item access menus, click Next; these are not required for user authentication.
Name the credentials and click Next to review. When you are ready to create the credentials, click Create.

Redirect URLs

A redirect URL is a required parameter of user authentication flows. This is the URL that your application will direct users to after they successfully authenticate.

Redirect URLs are managed as a property of OAuth credentials. They can be added to your credentials during the creation process, or any time through the Settings panel of the credentials item page. To add a redirect URL to your developer credentials, complete the following steps:

Sign in to your portal and search for your developer credentials.
Go to the item page of the credentials and click Settings > Application.
Under Redirect URLs, add the URL that you want to direct users to after completing authentication. This URL varies based on your application and typically takes the format of "https://<server>[:port]/callback.html" or "http://my-arcgis-app:/auth". This is a valid web page or server endpoint to which a user can be redirected after successful sign in.
- For example, if you are running an application on https://localhost:8080, add https://localhost:8080/callback.html to the list of redirect URLs. The exact URL depends on the name of your callback page and the programming language you are using. If you are following a "Sign in with user authentication" ArcGIS tutorial, it will specify the name of your callback page.

Privileges and item access

With user authentication, access tokens inherit all privileges and item access rights from the signed-in ArcGIS user. OAuth credentials are not used to assign privileges or item access in this type of authentication.

Referrers

The referrers field for developer credentials

A referrer is an HTTP header field used to identify the client requesting a server resource. This functions as a security measure, allowing applications to confirm their client's identity. When OAuth credentials have a specific HTTP referer header set, services can confirm that an incoming request's referrer matches one of the valid referrers assigned to that access token.

Specific domains can be provided or you can use wildcard characters (*) in the subdomain of your allowed referrer. For example https://*.your-app.com will allow the access token to be used on both https://dev.your-app.com and https://your-app.com. While it is also possible to restrict access token use to specific paths (https://your-app.com/page), we do not recommend this method because browsers may remove the path due to privacy concerns.

Usage tracking

All services and content accessed with OAuth credentials are tracked. You can monitor the usage of credentials in order to view the consumption of services and the billing amount.

The steps to monitor usage vary based on the type of ArcGIS account the credentials were created with:

ArcGIS Location Platform developers use their dashboard to monitor service usage. To monitor service usage of OAuth credentials, use the following steps:

Go to location.arcgis.com and sign in with an ArcGIS Location Platform account.
Click My dashboard > Usage > Developer credentials.
In the left sidebar, select the OAuth credentials item you would like to review usage for.
In the Billing cycle selector, choose a billing cycle to inspect. The main panel of the window will show a usage report.
Review the usage report for the OAuth credentials. Usage information is organized by secure resource. Click Download CSV to download the information as a .csv file.
Click the dropdown button on a specific service to view a usage timeline. The panel will show the resource consumption for each day of the billing cycle.