I am banging my head against the wall trying to resolve how to get my application to work with OAuth and Portal 10.3.1 and would love if anyone has any suggestions...
I have implemented OAuth App Login for my page mainly using the example at OAuth Popup | ArcGIS API for JavaScript
My map only loads one layer, but I would prefer to keep that layer available to all users (In Portal and other apps). It is the specific use in my application of that layer that I would like to secure.
After registering my application in my Portal, if I set the sharing of my Application to a specific group (lets call it Group A), and then try to login to my app as a Portal user who is NOT a member of Group A, the login works!! But it shouldn't work right? I should be able to secure an item at the Application level, not the resource level below it.
Although I could always implement User login and secure the actual service/layer that is loaded into the map, but like I mentioned I would only like to secure the Application itself, not the endpoints of any layer I want to include It makes maintenance much easier, and makes more business sense. Attached is my page for testing - would love if anyone could help me work through this.