Learn how to authenticate a user to access a secure ArcGIS service with OAuth 2.0.
In this tutorial, you will build an app that uses named user login credentials to access a secure ArcGIS service using OAuth 2.0.
You can use different authentication methods to access ArcGIS location services. To implement OAuth 2.0, you can use your ArcGIS account to register an application and get a client ID, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as user authentication. If the app uses premium services that consume credits, the app user's account will be charged.
Use the ArcGIS Developer dashboard to create an application, generate a client ID, and define a redirect URL to access secure services.
Sign in to your ArcGIS developer account. If you don't already have one, sign-up for free. You need to sign in so you can create an application and get a client ID for authentication.
Click the OAuth 2.0 tab in the ribbon at the top.
Click the New Application button in the upper-left of the page.
In the Create New Application window, provide a Name and an optional Description for your application definition. Then click Create application. When the application is created, Client ID, Client Secret, and Temporary Token values will also be generated.
Click the Add URI button at the bottom of the page to add a redirect URL.
In the Add Allowed URI window, type authenticate-with-oauth://auth and click Add.
You'll use the `client ID` and `redirect URL` when implementing OAuth in your app's code.
The client ID uniquely identifies your app on the authenticating server. If the server cannot find an app with the provided client ID, it will not proceed with authentication.
The redirect URL is used to identify a response from the authenticating server when the system returns control back to your app after an OAuth 2.0 login. You can configure several redirect URLs in your application definition and can remove or edit them. It's important to make sure the redirect URL used in your app's code matches a redirect URL configured for the application.
A temporary token can be used to test access to secure resources without having to implement the full OAuth workflow.
The client secret is only needed in some OAuth workflows and will not be used in this tutorial.
Open an Android Studio project with Gradle
To start this tutorial, complete the Display a map tutorial. Or download and unzip the Display a map solution in a new folder.
Modify the old project for use in this new tutorial. Expand More info for instructions.
On your file system, delete the .idea folder, if present, at the top level of your project.
In the Android tool window, open app > res > values > strings.xml.
In the <string name="app_name"> element, change the text content to Access services with OAuth 2.0.
Modify the files from the Display a map tutorial so they can be used in this tutorial: you will add imports, modify the view point's scale, define strings for OAuth client ID and redirect URI, and add an Android activity for the default OAuth intent receiver.
In the Project tool window, make sure that the Android view is displayed. Open app/java/com.example.app, and click MainActivity.kt. Add the following imports, replacing those from the Display a map tutorial.
Open app/res/values and click strings.xml. Enter certain values that you specified while creating your OAuth configuration in Configure OAuth 2.0 for your app above.
To find these values, log in to the Dashboard with your developer account, click the OAuth 2.0 tab, scroll to the OAuth configuration you created (It will have a name such as "Access Services OAuth2".) and click View Full Credentails.
In string.xml define strings for the OAuth client ID, redirect host, and redirect uri. Replace the placeholder strings with values from your actual OAuth configuration. The replacement values are not quoted.
"YOUR_CLIENT_ID": Replace with the Client ID displayed in your dashboard.
"YOUR_REDIRECT_HOST": The host name portion of your redirect URI. Replace the placeholder with the name that follows//: in the Redirect URLS section in the dashboard. Above, we suggested using auth.
"YOUR_REDIRECT_URI": The protocol identifier of your redirect URI. Replace the placeholder with the name that precedes//: in the Redirect URLs section in the dashboard. This must be authenticate-with-oauth.
ArcGIS Runtime provides an API that abstracts some of the details for OAuth 2.0 authentication in your app. You can use classes like AuthenticationManager to request, store, and manage credentials for secure resources.
Add code to set up the AuthenticationManager, which launches a browser window that challenges the user for log-in credentials.
In the setupMap() function, after the line that calls mapView.setViewpoint(), create an OAuthConfiguration.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
mapView.setViewpoint(Viewpoint(34.02700, -118.80543, 72000.0))
// set up an oauth config with url to portal, a client id and a re-direct url// a custom client id for your app can be set on the ArcGIS for Developers dashboard under// Authentication --> Redirect URIsval oAuthConfiguration = OAuthConfiguration(
null, getString(R.string.oauth_client_id),
getString(R.string.oauth_redirect_uri) + "://" + getString(R.string.oauth_redirect_host)
)
Expand
The OAuthConfiguration constructor takes three parameters:
R.string.oauth_client_id: the URL for the ArcGIS Online organization that is associated with the developer account you used in Configure OAuth 2.0 for your app above. The format of the URL will be something like: https://www.myfirstname-mylastname.maps.arcgis.com.
"R.string.oauth_client_id": the Client ID from your OAuth 2.0 configuration.
"R.string.oauth_redirect_uri" + "R.string.oauth_redirect_host": the protocol identifier and host name of the redirect uri from your OAuth 2.0 configuration.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
mapView.setViewpoint(Viewpoint(34.02700, -118.80543, 72000.0))
// set up an oauth config with url to portal, a client id and a re-direct url// a custom client id for your app can be set on the ArcGIS for Developers dashboard under// Authentication --> Redirect URIsval oAuthConfiguration = OAuthConfiguration(
null, getString(R.string.oauth_client_id),
getString(R.string.oauth_redirect_uri) + "://" + getString(R.string.oauth_redirect_host)
)
// setup AuthenticationManager to handle auth challengesval defaultAuthenticationChallengeHandler = DefaultAuthenticationChallengeHandler(this)
// use the DefaultChallengeHandler to handle authentication challenges AuthenticationManager.setAuthenticationChallengeHandler(
defaultAuthenticationChallengeHandler
)
// add an OAuth configuration// NOTE: you must add the DefaultOAuthIntentReceiver Activity to the app's manifest to handle starting a browser AuthenticationManager.addOAuthConfiguration(oAuthConfiguration)
Expand
Add a traffic layer
You will add a layer to display the ArcGIS World Traffic service, a dynamic map service that presents historical and near real-time traffic information for different regions in the world. This service requires an ArcGIS Online organizational subscription.
ArcGIS World Traffic service data is updated every five minutes to provide traffic speed and traffic incident visualization and identification.
Traffic speeds are displayed as a percentage of free-flow speeds, which is frequently the speed limit or how fast cars tend to travel when unencumbered by other vehicles. The streets are color coded as follows:
Green (fast): 85 - 100% of free flow speeds
Yellow (moderate): 65 - 85%
Orange (slow); 45 - 65%
Red (stop and go): 0 - 45%
Finally, you will add error code that catches a malformed URL and displays a Toast with the error message.
Create an ArcGISMapImageLayer to display the traffic service. Then add the layer to the map's collection of data layers (operational layers).
You should see the map with the topographic basemap layer centered on the Santa Monica Mountains in California. You will also see the traffic layer, with its symbology of green, yellow, orange, and red roads to indicate current traffic flow. This is a secured layer, which is visible in your app because the user has entered valid ArcGIS Online username and password.
