Learn how to create OAuth credentials with ArcGIS Enterprise to support app authentication.

The first window of the Developer credentials creator with the OAuth 2.0 credentials (for App authentication) option selected. The account used is an ArcGIS Enterprise account.

The developer credentials creation interface in a portal

OAuth credentials are an item required to implement app authentication. They contain client_id and client_secret parameters that are used to implement an OAuth 2.0 client credentials flow. The item page of OAuth credentials allows you to manage settings related to app authentication, including the authorized privileges of an application.

This tutorial shows you how to create OAuth credentials for use in app authentication and do the following:

  • Configure privileges to allow your application to access ArcGIS services, content, and functionality.
  • Set authorized referrer URLs.
  • Manage settings of the OAuth credentials and monitor usage using its item page.

This tutorial focuses on creating OAuth 2.0 credentials for a private application with selected privileges and access.

Prerequisites

  1. You need an ArcGIS Enterprise account with the correct user type and role. Please review the Product and account requirements before proceeding.

  2. You need to know the privileges required by your application. The privileges assigned to developer credentials allow your application to access ArcGIS services and resources.

Steps

Sign in to your portal

You use your portal to create and manage items, including OAuth credentials.

  1. In your web browser, go to your ArcGIS Enterprise portal and sign in to your portal with your ArcGIS Enterprise account.

Create a new item

  1. In your portal, click Content > My content > New item.
    New item button

  2. Click Developer credentials.

  3. In the credential type screen, select OAuth 2.0 credentials and click Next.

    OAuth 2.0 credentials in ArcGIS Enterprise

Set referrer URLs

You can set referrer URLs on OAuth credentials that restrict the credentials to only be usable from authorized domains. This is highly recommended for security purposes.

  1. In the next window, scroll down to Referrer URLs.

  2. Set the Referrers field to the web domains you would like to restrict the access token to. To learn more about referrers, go to OAuth credentials (for app authentication).

    Dialog box titled "Referrer URLs" with a text entry field where referrer URLs can be added. Two referrer URLs have been added to this credential.
  3. Under Application environment, select the type of environment your application will run in. This will affect when the OAuth credentials appear in portal search results.

    Selector titled "Application environment" that affects how the item appears in filtered seach results. The options include environments such as "Browser", "Server", "Native", and "Multiple" and the "Multiple" option has been selected.
  4. Click Next.

Select privileges

You can configure the settings of OAuth 2.0 credentials to configure the privileges of access tokens granted via app authentication. For an access token to work in your application, it needs to have the correct privileges to access the content and services your app is using. Select the privileges your app requires in this menu.

  1. In the Create developer credentials > Privileges window, browse the available privileges.

    Privilege selection window (ArcGIS Enterprise)
  2. Select the privileges required by your application and click Next.

Select items (optional)

If your application will require access to specific private items, you will need to configure your developer credentials to access them. The Item access menu allows you to browse your portal's content and grant your developer credentials access to specific items.

  1. If your token does not require item access, click Skip.

  2. Otherwise, in the Grant item access window, click Browse items.

    A button with the text "Browse items".
  3. Select the items you want to grant access to. You can select up to 100 items in this menu.

    Dialog box titled "Item access" that lists all items owned by an account. There is a checkbox next to each item that allows for items to be selected, in order to grant the credential access to that item.
  4. Click Add items.

Save the item

After configuring the properties of your OAuth credentials, you can save the credentials as a new item.

  1. In the Create developer credentials window, set the following properties:

    • Title: My OAuth credentials (for app authentication)
    • Folder: Developer credentials (Create a new folder)
    • Tags: Add tags related to the privileges of the credentials.
    • Description: Describe the application that these developer credentials will be used in.

    ![Dialog box containing item details including the item title, folder, tags, and description, each with a text entry box. The information has been filled out according to the step above.]](../images/oauth-credentials-details.png)

    Click Next.

  2. In the Summary window, review the properties, privileges, and item access you have set. If you selected any privileges to access portal service operations, you must acknowledge the security implications before moving forward.

    Acknowledgement checkbox that describes the security implications of the privileges you have selected. The checkbox must be selected to create the credential. This will only appear if portal service privileges have been selected.
  3. Click Create to create your OAuth credentials.

Copy the client ID and client secret

Your OAuth credentials contain client_id and client_secret parameters that are required to implement app authentication. Copy these values and paste them into your application or script.

  1. On the item page of your OAuth credentials, scroll down to Credentials.

  2. Copy the Client ID and Client Secret values and paste them into your application. Never expose the value of your client secret.

    The client credentials properties of the item. A client ID and client secret are both listed, with the option to copy both values to the clipboard.

Manage your credentials

After creating an OAuth credentials item, its privileges and item access can be managed at any time by going to the item page.

To learn more and see management steps, go to OAuth credentials (for app authentication).

Additional resources

Learn more about app authentication in the following topics:

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.