Oauth 2.0

ArcGIS supports secure authentication using OAuth2.0 protocols. To authenticate using OAuth 2.0, you need to create OAuth credentials and implement user authentication or app authentication in your application. You can use these authentication workflows to access secure services and content hosted in a portal.

To authenticate requests using OAuth 2.0, you need to have one of the following accounts:

  • ArcGIS Online account
  • ArcGIS Location Platform account
  • ArcGIS Enterprise account

The easiest way to implement an OAuth 2.0 workflow is to integrate the request module from ArcGIS REST JS, which streamlines the authentication process.

How to use OAuth credentials

The recommended way to implement OAuth 2.0 is to use the ArcGISIdentityManager module from ArcGIS REST JS.

Below are the typical steps for implementing browser-based OAuth 2.0.

  1. Sign in to your portal.
  2. Create or use an existing OAuth 2.0 application.
  3. Get the client ID and redirect URI from your application.
  4. Set the client ID (in your application).
  5. Create a callback page defined in the redirect URI that will complete the authentication process.
  6. Set the generated token where authentication is a required parameter.

To learn about other types of OAuth 2.0 authentication methods, go to Implement user authentication (server) tutorial.

User authentication

User authentication is a set of authentication workflows that allow users with an ArcGIS account to sign into an application and access ArcGIS content, services, and resources. The typical authentication protocol used is OAuth 2.0. When a user signs into an application with their ArcGIS account, an access token is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account. This authentication type was previously known as Named user login and ArcGIS identity.

If your application will access your users' secure content in ArcGIS or if you plan to distribute your application through ArcGIS Marketplace, you must use user authentication.

App authentication

App authentication, formerly known as app credential authentication, is a type of authentication that grants a short-lived access token to applications based on a set of OAuth 2.0 credentials. The resources and functionality available depend on the user type, roles, and privileges of your ArcGIS account.

Examples

User authentication with ArcGIS REST JS

This example uses the ArcGISIdentityManager module from ArcGIS REST JS.

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";

// register your own app to create a unique clientId
const clientId = "YOUR_CLIENT_ID"

// send the user to the authorization page
ArcGISIdentityManager.beginOAuth2({
  yourClientId,
  redirectUri: 'https://yourapp.com/authenticate.html'
})
  .then(authenticationManager => {
    console.log(authenticationManager)
  });
Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";

const clientId = "YOUR_CLIENT_ID"

/**
 * after the user authorizes the application they will be redirected to
 * the page defined in redirectUrl which will need to complete the
 * authentication process.
 **/
ArcGISIdentityManager.completeOAuth2({
  yourClientId,
  redirectUri: 'https://yourapp.com/authenticate.html'
});

User authentication without ArcGIS REST JS

This example shows how to configure an OAuth 2.0 workflow without the helper methods from ArcGIS REST JS.

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

  const yourClientID = "YOUR_CLIENT_ID";
  let accessToken;
  const callbacks = [];
  const protocol = window.location.protocol;
  const callbackPage = protocol + "./oauth-callback.html";

  function oauth(callback) {
        if (accessToken) {
          callback(accessToken);
        } else {
          callbacks.push(callback);
          window.open(
            "https://www.arcgis.com/sharing/oauth2/authorize?client_id=" +
              yourClientID +
              "&response_type=token&expiration=20160&redirect_uri=" +
              window.encodeURIComponent(callbackPage),
            "oauth",
            "height=400,width=600,menubar=no,location=yes,resizable=yes,scrollbars=yes,status=yes"
          );
        }
      }
Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
/* Once the user is authorized, the access token must be retrieved.*/
let match;
  if (window.location.hash && (match = window.location.hash.match(/#access_token=([^&]+)/))) {
    if (window.opener && window.opener.parent) {
      window.opener.parent.oauthCallback(match[1]);
    } else {
      window.parent.oauthCallback(match[1]);
    }
    window.close();
  }

Tutorials

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.