platformSelf

Request a token for a specific application using the esri_aopc encrypted cookie

When a client app boots up, it will know its clientId and the redirectUri for use in the normal /oauth/authorize pop-out oAuth flow.

If the app sees an esri_aopc cookie (only set if the app is hosted on *.arcgis.com), it can call the /oauth2/platformSelf end-point passing in the clientId and redirectUri in headers, and it will receive back an app-specific token, assuming the user has access to the app.

Since there are scenarios where an app can boot using credentials/token from localstorage but those credentials are not for the same user as the esri_aopc cookie, it is recommended that an app check the returned username against any existing identity they may have loaded.

Note: This is only usable by Esri applications hosted on arcgis.com, esri.com or within an ArcGIS Enterprise installation. Custom applications can not use this.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
// convert the encrypted platform cookie into a ArcGISIdentityManager
import { platformSelf, ArcGISIdentityManager } from '@esri/arcgis-rest-request';

const portal = 'https://www.arcgis.com/sharing/rest';
const clientId = 'YOURAPPCLIENTID';

// exchange esri_aopc cookie
return platformSelf(clientId, 'https://your-app-redirect-uri', portal)
.then((response) => {
 const currentTimestamp = new Date().getTime();
 const tokenExpiresTimestamp = currentTimestamp + (response.expires_in * 1000);
 // Construct the session and return it
 return new ArcGISIdentityManager({
   portal,
   clientId,
   username: response.username,
   token: response.token,
   tokenExpires: new Date(tokenExpiresTimestamp),
   ssl: true
 });
})

Returns