Sign in with user authentication (browser) | ArcGIS REST JS

User authentication using a sign-in prompt.

This tutorial shows how to implement user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more in your client applications using the ArcGISIdentityManager object. This will allow users of your application to sign in with their ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more, granting your application access to the privileges and items associated with it.

Prerequisites

An ArcGIS Location Platform, ArcGIS Online, or ArcGIS Enterprise account.

Steps

Create a new app

Create an HTML page called index.html an empty <body>. This page is the primary application page that directs user to the sign-in prompt.

index.html
Expand
Use dark colors for code blocks
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="initial-scale=1, maximum-scale=1, user-scalable=no">
    <title>ArcGIS REST JS: Sign in with user authentication (browser)</title>

  </head>
  <body>

  </body>
</html>

Add HTML and CSS to create a <pre> element called result.

index.html
Expand
Use dark colors for code blocks
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="initial-scale=1, maximum-scale=1, user-scalable=no">
    <title>ArcGIS REST JS: Sign in with user authentication (browser)</title>

  </head>
  <body>

  </body>
</html>

In the same folder, create another HTML page called callback.html. This page is the redirect page after the user successfully signed in.

callback.html
Use dark colors for code blocks
<!DOCTYPE html>

<html lang="en">

  <head>
    <title>ArcGIS REST JS: User authentication callback</title>

  </head>

  <body>

  </body>

</html>

In both index.html and callback.html, add references to the arcgis-rest-request package.

index.html
Expand
Use dark colors for code blocks
    <!-- ArcGIS REST JS used for user authentication. -->
    <script src="https://unpkg.com/@esri/arcgis-rest-request@4/dist/bundled/request.umd.js"></script>
Expand

callback.html
Expand
Use dark colors for code blocks
    <!-- ArcGIS REST JS used for user authentication. -->
    <script src="https://unpkg.com/@esri/arcgis-rest-request@4/dist/bundled/request.umd.js"></script>
Expand

Set up authentication

Create a new OAuth credentialOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more to register the application.

Go to the Create OAuth credentials for user authentication tutorial to create an OAuth credential. Set the redirect URL to https://<YOUR_SERVER>[:YOUR_PORT]/callback.html, for example https://localhost:3000/callback.html.
Copy the Client ID and Redirect URL from your OAuth credentials item and paste them to a safe location. They will be used in a later step.

Create authentication script

In index.html, call ArcGISIdentityManager.beginOAuth2 to begin OAuth authentication. Pass your clientId and redirectUrl. This method will open a new window at the authorization endpointAn authorization endpoint is an ArcGIS portal service endpoint that can be queried to request an authorization code. It is used to implement user authentication OAuth2.0 flows.Learn more that prompts users to sign in with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.
index.html
Use dark colors for code blocks
```
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
    <script type="module">

    /* Use for user authentication */
    const clientId = "YOUR_CLIENT_ID"; // Your client ID from OAuth credentials
    const redirectUri = ""YOUR_REDIRECT_URI""; // The redirect URL registered in your OAuth credentials
    const authentication = await arcgisRest.ArcGISIdentityManager.beginOAuth2({
      clientId,
      redirectUri,
      portal: "https://www.arcgis.com/sharing/rest" // Your portal URL
    });

    </script>
```
Upon signing in successfully, this window will redirect the browser to the provided redirectUrl address.

Create callback script

Once the user has signed in, the browser will be redirected to the address of the provided redirect URI.

In callback.html, call ArcGISIdentityManager.completeOAuth2 to complete OAuth authentication. Pass your clientId and redirectUrl. This method receives the authorization codeAn authorization code is a string that is used to obtain an access token associated with a user account. It is required in user authentication flows that adhere to the OAuth2.0 authorization_code grant type.Learn more generated when a user signs in and uses it to request an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more.
callback.html
Expand
Use dark colors for code blocks
```
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
    <script type="module">

    arcgisRest.ArcGISIdentityManager.completeOAuth2({
      clientId: "YOUR_CLIENT_ID", // Your client ID from OAuth credentials
      redirectUri: "YOUR_REDIRECT_URI", // The redirect URL registered in your OAuth credentials
      portal: "https://www.arcgis.com/sharing/rest" // Your portal URL
    });

    </script>
```
Expand

Run the app

Run the application and navigate to your localhost, for example: https://localhost:8080. You should be prompted to enter the credentials of an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.

If you are unable to sign in, make sure you have the correct redirect URL and port. This URL varies based on your application and typically takes the format of https://<server>[:port]/callback.html or http://my-arcgis-app:/auth. For example, if you are running an application on http://127.0.0.1:5500/, set http://127.0.0.1:5500/callback.html as your redirect URL in the index.html and callback.html file and your developer credential. They all have to match!

What's next

Learn how to use additional location services in these tutorials:

Edit feature data

Add, update, and delete data in a hosted feature layer.

Get layer metadata

Access the name, description, type and other properties of a hosted layer.

Find a route and directions

Find a route and directions for an origin and destination.