Learn how to authenticate a user to access a secure ArcGIS service with OAuth 2.0.
In this tutorial, you will build an app that uses named user login credentials to access a secure ArcGIS service using OAuth 2.0.
You can use different authentication methods to access ArcGIS location services. To implement OAuth 2.0, you can use your ArcGIS account to register an application and get a client ID, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as user authentication. If the app uses premium services that consume credits, the app user's account will be charged.
You will implement OAuth 2.0 so users can sign in to ArcGIS to access the ArcGIS World Traffic service.
Prerequisites
The following are required for this tutorial:
- An ArcGIS account to access API keys. If you don't have an account, sign up for free.
- Confirm that your system meets the system requirements.
- An IDE for Android development in Kotlin.
Steps
Configure OAuth 2.0 for your app
Use the ArcGIS Developer dashboard to create an application, generate a client ID, and define a redirect URL to access secure services.
- Sign in to your ArcGIS developer account. If you don't already have one, sign-up for free. You need to sign in so you can create an application and get a client ID for authentication.
- Click the OAuth 2.0 tab in the ribbon at the top.
- Click the New Application button in the upper-left of the page.
- In the Create New Application window, provide a Name and an optional Description for your application definition. Then click Create application. When the application is created,
Client ID
,Client Secret
, andTemporary Token
values will also be generated. - Click the Add URI button at the bottom of the page to add a redirect URL.
- In the Add Allowed URI window, type
authenticate-with-oauth:
and click Add.//auth
client ID
and redirect URL
when implementing OAuth in your app's code.The client ID
uniquely identifies your app on the authenticating server. If the server cannot find an app with the provided client ID, it will not proceed with authentication.
The redirect URL
is used to identify a response from the authenticating server when the system returns control back to your app after an OAuth 2.0 login. You can configure several redirect URLs in your application definition and can remove or edit them. It's important to make sure the redirect URL used in your app's code matches a redirect URL configured for the application.
A temporary token
can be used to test access to secure resources without having to implement the full OAuth workflow.
The client secret
is only needed in some OAuth workflows and will not be used in this tutorial.
Open an Android Studio project with Gradle
-
To start this tutorial, complete the Display a map tutorial. Or download and unzip the Display a map solution in a new folder.
-
Modify the old project for use in this new tutorial. Expand More info for instructions.
-
On your file system, delete the .idea folder, if present, at the top level of your project.
-
In the Android tool window, open app > res > values > strings.xml.
In the
<string name="app_
element, change the text content to Access services with OAuth 2.0.name"> strings.xmlUse dark colors for code blocks Change line <resources> <string name="app_name">Access services with OAuth 2.0</string> </resources>
-
In the Android tool window, open Gradle Scripts > settings.gradle.
Change the value of
root
to "Access services with OAuth 2.0".Project.name settings.gradleUse dark colors for code blocks Change line rootProject.name = "Access services with OAuth 2.0" include ':app'
-
Click File > Sync Project with Gradle files. Android Studio will recognize your changes and create a new .idea folder.
-
-
Delete the code that sets your API key. Since your app will be using OAuth, you will not need an API Key.
MainActivity.ktUse dark colors for code blocks Remove line Remove line Remove line Remove line Remove line Remove line Remove line Remove line override fun onDestroy() { mapView.dispose() super.onDestroy() } private fun setApiKeyForApp(){ // set your API key // Note: it is not best practice to store API keys in source code. The API key is referenced // here for the convenience of this tutorial. ArcGISRuntimeEnvironment.setApiKey("YOUR_API_KEY") }
MainActivity.ktUse dark colors for code blocks Remove line override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) setContentView(activityMainBinding.root) setApiKeyForApp() setupMap() }
Prepare files before coding the app
Modify the files from the Display a map tutorial so they can be used in this tutorial: you will add imports, modify the view point's scale, define strings for OAuth client ID and redirect URI, and add an Android activity for the default OAuth intent receiver.
-
In the Project tool window, make sure that the Android view is displayed. Open app/java/com.example.app, and click MainActivity.kt. Add the following imports, replacing those from the Display a map tutorial.
MainActivity.ktUse dark colors for code blocks package com.example.app import android.os.Bundle import android.util.Log import android.widget.Toast import androidx.appcompat.app.AppCompatActivity import com.esri.arcgisruntime.layers.ArcGISMapImageLayer import com.esri.arcgisruntime.mapping.ArcGISMap import com.esri.arcgisruntime.mapping.BasemapStyle import com.esri.arcgisruntime.mapping.Viewpoint import com.esri.arcgisruntime.mapping.view.MapView import com.esri.arcgisruntime.security.AuthenticationManager import com.esri.arcgisruntime.security.DefaultAuthenticationChallengeHandler import com.esri.arcgisruntime.security.OAuthConfiguration import com.example.app.databinding.ActivityMainBinding import java.net.MalformedURLException class MainActivity : AppCompatActivity() {
-
Change the scale of the map's initial viewpoint to 72000.0. This scale will make the secured layer visible without zooming in.
MainActivity.ktUse dark colors for code blocks val map = ArcGISMap(BasemapStyle.ARCGIS_TOPOGRAPHIC) mapView.map = map mapView.setViewpoint(Viewpoint(34.02700, -118.80543, 72000.0))
-
Open app/res/values and click strings.xml. Enter certain values that you specified while creating your OAuth configuration in Configure OAuth 2.0 for your app above.
To find these values, log in to the Dashboard with your developer account, click the OAuth 2.0 tab, scroll to the OAuth configuration you created (It will have a name such as "Access Services OAuth2".) and click View Full Credentails.
In string.xml define strings for the OAuth client ID, redirect host, and redirect uri. Replace the placeholder strings with values from your actual OAuth configuration. The replacement values are not quoted.
-
"YOUR_CLIENT_ID": Replace with the Client ID displayed in your dashboard.
-
"YOUR_REDIRECT_HOST": The host name portion of your redirect URI. Replace the placeholder with the name that follows
//:
in the Redirect URLS section in the dashboard. Above, we suggested usingauth
. -
"YOUR_REDIRECT_URI": The protocol identifier of your redirect URI. Replace the placeholder with the name that precedes
//:
in the Redirect URLs section in the dashboard. This must beauthenticate-with-oauth
.
strings.xmlUse dark colors for code blocks <resources> <string name="app_name">Access services with OAuth 2.0</string> <string name="oauth_client_id">YOUR_CLIENT_ID</string> <string name="oauth_redirect_host">YOUR_REDIRECT_HOST</string> <string name="oauth_redirect_uri">YOUR_REDIRECT_URI</string> </resources>
-
-
Open app/manifests and click AndroidManifest.xml. Add an activity for the default OAuth intent receiver.
AndroidManifest.xmlUse dark colors for code blocks <!-- You must declare this activity, an intent receiver, to display the OAuth login --> <activity android:exported="true" android:name="com.esri.arcgisruntime.security.DefaultOAuthIntentReceiver" android:launchMode="singleTask"> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <data android:host="@string/oauth_redirect_host" android:scheme="authenticate-with-oauth" /> </intent-filter> </activity> </application>
Implement OAuth 2.0 authentication
ArcGIS Runtime provides an API that abstracts some of the details for OAuth 2.0 authentication in your app. You can use classes like
AuthenticationManager
to request, store, and manage credentials for secure resources.
Add code to set up the
AuthenticationManager
, which launches a browser window that challenges the user for log-in credentials.
-
In the
setup
function, after the line that callsMap() map
, create anView.set Viewpoint() OAuthConfiguration
.MainActivity.ktUse dark colors for code blocks mapView.setViewpoint(Viewpoint(34.02700, -118.80543, 72000.0)) // set up an oauth config with url to portal, a client id and a re-direct url // a custom client id for your app can be set on the ArcGIS for Developers dashboard under // Authentication --> Redirect URIs val oAuthConfiguration = OAuthConfiguration( null, getString(R.string.oauth_client_id), getString(R.string.oauth_redirect_uri) + "://" + getString(R.string.oauth_redirect_host) )
The
OAuth
constructor takes three parameters:Configuration -
R.string.oauth_
: the URL for the ArcGIS Online organization that is associated with the developer account you used in Configure OAuth 2.0 for your app above. The format of the URL will be something like:client_ id https:
.//www.myfirstname-mylastname.maps.arcgis.com -
"R.string.oauth_
: the Client ID from your OAuth 2.0 configuration.client_ id" -
"R.string.oauth_
: the protocol identifier and host name of the redirect uri from your OAuth 2.0 configuration.redirect_ uri" + "R.string.oauth_ redirect_ host"
-
-
Create a
DefaultAuthenticationChallengeHandler
and set it on theAuthenticationManager
. Then add theo
to theAuth Configuration Authentication
.Manager MainActivity.ktUse dark colors for code blocks mapView.setViewpoint(Viewpoint(34.02700, -118.80543, 72000.0)) // set up an oauth config with url to portal, a client id and a re-direct url // a custom client id for your app can be set on the ArcGIS for Developers dashboard under // Authentication --> Redirect URIs val oAuthConfiguration = OAuthConfiguration( null, getString(R.string.oauth_client_id), getString(R.string.oauth_redirect_uri) + "://" + getString(R.string.oauth_redirect_host) ) // setup AuthenticationManager to handle auth challenges val defaultAuthenticationChallengeHandler = DefaultAuthenticationChallengeHandler(this) // use the DefaultChallengeHandler to handle authentication challenges AuthenticationManager.setAuthenticationChallengeHandler( defaultAuthenticationChallengeHandler ) // add an OAuth configuration // NOTE: you must add the DefaultOAuthIntentReceiver Activity to the app's manifest to handle starting a browser AuthenticationManager.addOAuthConfiguration(oAuthConfiguration)
Add a traffic layer
You will add a layer to display the ArcGIS World Traffic service, a dynamic map service that presents historical and near real-time traffic information for different regions in the world. This service requires an ArcGIS Online organizational subscription.
ArcGIS World Traffic service data is updated every five minutes to provide traffic speed and traffic incident visualization and identification.
Traffic speeds are displayed as a percentage of free-flow speeds, which is frequently the speed limit or how fast cars tend to travel when unencumbered by other vehicles. The streets are color coded as follows:
- Green (fast): 85 - 100% of free flow speeds
- Yellow (moderate): 65 - 85%
- Orange (slow); 45 - 65%
- Red (stop and go): 0 - 45%
Finally, you will add error code that catches a malformed URL and displays a Toast with the error message.
-
Create an
ArcGISMapImageLayer
to display the traffic service. Then add the layer to the map's collection of data layers (operational layers).MainActivity.ktUse dark colors for code blocks Add line. Add line. // add an OAuth configuration // NOTE: you must add the DefaultOAuthIntentReceiver Activity to the app's manifest to handle starting a browser AuthenticationManager.addOAuthConfiguration(oAuthConfiguration) val trafficLayer = ArcGISMapImageLayer("https://traffic.arcgis.com/arcgis/rest/services/World/Traffic/MapServer") map.operationalLayers.add(trafficLayer)
-
Enclose the code of
setup
using aMap() try
clause. Follow thetry
with acatch
clause that takes aMalformed
and callsURLException log
.Error() MainActivity.ktUse dark colors for code blocks Add line. Add line. Add line. Add line. Add line. private fun setupMap() { try { val map = ArcGISMap(BasemapStyle.ARCGIS_TOPOGRAPHIC) mapView.map = map mapView.setViewpoint(Viewpoint(34.02700, -118.80543, 72000.0)) // set up an oauth config with url to portal, a client id and a re-direct url // a custom client id for your app can be set on the ArcGIS for Developers dashboard under // Authentication --> Redirect URIs val oAuthConfiguration = OAuthConfiguration( null, getString(R.string.oauth_client_id), getString(R.string.oauth_redirect_uri) + "://" + getString(R.string.oauth_redirect_host) ) // setup AuthenticationManager to handle auth challenges val defaultAuthenticationChallengeHandler = DefaultAuthenticationChallengeHandler(this) // use the DefaultChallengeHandler to handle authentication challenges AuthenticationManager.setAuthenticationChallengeHandler( defaultAuthenticationChallengeHandler ) // add an OAuth configuration // NOTE: you must add the DefaultOAuthIntentReceiver Activity to the app's manifest to handle starting a browser AuthenticationManager.addOAuthConfiguration(oAuthConfiguration) val trafficLayer = ArcGISMapImageLayer("https://traffic.arcgis.com/arcgis/rest/services/World/Traffic/MapServer") map.operationalLayers.add(trafficLayer) } catch (e: MalformedURLException) { logError("Error in OAuthConfiguration URL: " + e.message) } }
-
Within the
Main
class, create theActivity log
function that takes aError() String
parameter and displays a Toast containing the message.MainActivity.ktUse dark colors for code blocks Add line. Add line. Add line. Add line. Add line. Add line. Add line. Add line. Add line. Add line. /** * Log an error to logcat and to the screen via Toast. * @param message the text to log. */ private fun logError(message: String?) { message?.let { Log.e(TAG, message) Toast.makeText(this, message, Toast.LENGTH_LONG).show() } }
-
Click Run > Run > app to run the app.
You should see the map with the topographic basemap layer centered on the Santa Monica Mountains in California. You will also see the traffic layer, with its symbology of green, yellow, orange, and red roads to indicate current traffic flow. This is a secured layer, which is visible in your app because the user has entered valid ArcGIS Online username and password.