Community

Help with OAuth

2090
30
Jump to solution
10-04-2023 11:30 AM
BrianBulla1
by
Occasional Contributor
‎10-04-2023 11:30 AM

Hi,

I'm just starting with the Maps SDK today, so sorry in advance for the stupid questions.  🙂

So I'm trying to do something that I think should be super simple, but I cannot for the life of me get it to work.  I'm using the DisplayAMap sample, changing the portal item to one under my AGOL account, and trying to display it.  The missing componenet is the OAuth, since I'll need to enter a username/password to get to the webmap.

I'm looking at the "Secutrity" samples in the .NET WPF app, but don't quite understand how to integrate it into what I already have working in the DisplayAMap Sample.

There seems to be this "ArcGISLoginPrompt.cs" file, that doesn't display the code for in the app.  I'm guessing that's an important part of it??

Sorry for the cryptic question....I just have no clue what to even ask.

0 Kudos
30 Replies
PierreMasson
by
Occasional Contributor
‎10-24-2023 06:15 AM

When I call 

var credential = await Esri.ArcGISRuntime.Security.AuthenticationManager.Current.GenerateCredentialAsync(new Uri(url));

I get

Esri.ArcGISRuntime.Http.ArcGISWebException: 'Unable to generate token.'

0 Kudos
BrianBulla1
by
Occasional Contributor
‎10-24-2023 05:25 AM

Hi @JoeHershman 

So with my code, "Yes" it hangs at this line, but only when using an ID from one of my own AGOL account.  When I use the webmap ID from the sample (41281c51f9de45edaf1c8ed44bb10e30) it works fine.

 

PortalItem mapItem = await PortalItem.CreateAsync(portal, "4f7b45cd7d034ea9a09ec58658bff70d");

 

 

With the new code you provided I get basically the same problem, but it hangs at this line and never gets to the PoralItem line from above.

 

var credential = await Esri.ArcGISRuntime.Security.AuthenticationManager.Current.GenerateCredentialAsync(sharingUri);

 

0 Kudos
PierreMasson
by
Occasional Contributor
‎10-24-2023 05:34 AM

I use the ArcGISLoginPrompt class not the AuthenticationManager. Like on the ArcGIS.WPF.Samples.OAuth exemple. Works fine there but everything I tried in my own project won't work. 

The ArcGISLoginPrompt is built to prompt if needed. Buty it won't.

 

0 Kudos
BrianBulla1
by
Occasional Contributor
‎10-24-2023 05:39 AM

Yes, I had a look at that sample, as well as the OAuth Tutorial sample, which is what I have been using.  I guess two different ways of doing the same thing.  I've just been rolling with the Tutuorial sample since it seemed easier to follow the structure of the code to figure out what was going on.

I might try the other sample if this hits a dead-end, but there must be a way to ge this to work.

BrianBulla1
by
Occasional Contributor
‎10-26-2023 10:42 AM

OK, so this is interesting.

If I use the code in the OAuth sample from the "ArcGIS Maps SDK Sample for .NET", and just sub the webmap ID for the ID of my webmap, everything seems to work OK.  In this OAuth sample it seems to use a class called "ArcGISLoginPrompt" and is a bit hard to follow exactly what is going on.

Can anyone explain the difference between the OAuth tutorial which I have been struggling to get to work (https://developers.arcgis.com/net/security-and-authentication/tutorials/access-services-with-oauth-2...) and the sample in the .NET sample code (https://developers.arcgis.com/net/uwp/sample-code/).

I still don't understand why I can't get the tutorial sample code to work, but if I can get a better understanding of the other sample project maybe I can roll with that.

Thanks,

0 Kudos
ThadTilton
by Esri Contributor
Esri Contributor
‎10-28-2023 11:56 AM

Hi Brian,

I was able to tinker with this a bit today. I think I ran into the same problem you described and I was able to find a solution.

For me, I found that having an API key set prevented the app from challenging for the secured web map. With the API key defined (in App.OnStartup), the app would throw an exception that said I don't have permission to access the resource (without challenging me for a login). If I commented out the line that set the API key, I was challenged for username/password and the secure webmap loaded as expected. It seems that the app was trying to authenticate with the API key and didn't try to use OAuth at that point.

I think this works with the tutorial data because it's authenticating for a single (premium) layer rather than for a secure (private) web map item. In this case, it seems to effectively use the API key for the basemap layer and OAuth for the traffic layer. I think it's a little unclear how the API key and user authentication work together. I think this needs some better documentation.

Looking at the developer guide, I found a description of setting an API key's scope to allow access to private ArcGIS Online items. This is currently in beta and has some limitations. The API key tutorial also describes the steps to enable that access.

You might want to try following the instructions to scope your API key to access your web map and see if you can access it without using OAuth. Another option is to try just commenting out the line that sets the API key (in your project based on the tutorial) and see if OAuth challenges the user for access.

-Thad

PierreMasson
by
Occasional Contributor
‎10-30-2023 08:24 AM

Thank you, that worked for me. I had to remove the client secret too.

0 Kudos
BrianBulla1
by
Occasional Contributor
‎10-30-2023 09:34 AM

Hi @ThadTilton .  Thanks so much for looking into this a bit deeper and coming up with a solution.  By commenting out the API line, it all seems to work.

So do we not need API keys in order to develop in Maps SDK?  All of the samples say you MUST have an API key, but I guess you don't??  I'm a little confused.

Thanks,

0 Kudos
ThadTilton
by Esri Contributor
Esri Contributor
‎10-30-2023 11:55 AM

There are lots of resources you might use in your app that require authentication, either with an API key, user authentication, or some other approach (see the Types of authentication doc topic for more info). API keys are commonly used for access to location services such as basemaps, geocoding, and routing. User authentication (such as OAuth) is often used so your app can gain access to private content or subscription services. There are a variety of factors that might guide you towards using one or the other and you might even use more than one in your app. For example, if you wanted to use user authentication for accessing private content, but also use an API key only for the basemap, you could set the basemap key with code like this: 

map.Basemap.ApiKey = "YOUR_API_KEY";

It looks like setting the API key globally for the app (ArcGISRuntimeEnvironment.ApiKey) caused the app to attempt to use the API key to access the private content rather than user authentication. I would expect the app to fall back to user authentication if the API key can't provide access, but it doesn't seem to work that way.

I think we need to improve our documentation to describe some of these workflows a little better. I'm glad you were able to get it working, though! 👍

KarenRobine1
by
New Contributor III
‎11-01-2023 02:12 PM

I just ran into this today too.  FYI: I'm using .NET Maui, but same problem there. In my case, I built the map so I was surprised when I could see my own user once connecting to the Portal, but still couldn't open my own web map. Getting rid of the API Key solved the problem... I am looking forward to that fix though, as I need my app to work in both public-facing and secure situations.  Thanks so much for solving this for us.

0 Kudos