ArcGIS and network credentials

You can access resources secured with user authentication, app authentication, or network authentication using the available credential types.

• ArcGIS credentials are used to access resources secured by ArcGIS authentication methods, such as OAuth, Identity-Aware Proxy (IAP), and ArcGIS token. For more information, see ArcGIS credentials.
• Network credentials are used to access resources secured by network authentication methods, such as Integrated Windows Authentication (IWA) and Client Certificate (PKI). For more information, see Network credentials.

ArcGIS credentials

You can access secured resources with user authentication or app authentication using the following credential types.

• OAuth user credential - A credential object used to access OAuth token-secured ArcGIS resources with a specific OAuthUserConfiguration.
• OAuth application credential - A credential object used to access OAuth token-secured ArcGIS resources using the application's credentials.
• Token credential - A credential object used to access token-secured ArcGIS resources.
• Pregenerated token credential - A credential object used to access token-secured ArcGIS resources using a token that is generated outside of your application.

If you know the services domain/server context, you can create an ArcGIS credential, independent of loading the specific resource and store it in the ArcGISCredentialStore.

OAuth user credential

To create an OAuthUserCredential, provide an OAuthUserConfiguration with a valid portal URL, client ID, and redirect URL. This will present the OAuth sign in page for the user to enter their username and password. Once the OAuthUserCredential is created, you will be able to retrieve the access token information from the asynchronous getTokenInfo() method.

1
2
3
4
5
6
7
8
9
final oauthUserConfiguration = OAuthUserConfiguration(
    portalUri: portalUri,
    clientId: 'clientId',
    redirectUri: redirectUri,
);
final credential = await OAuthUserCredential.create(
    configuration: oauthUserConfiguration,
);
final tokenInfo = await credential.getTokenInfo();

OAuth application credential

To create an OAuthApplicationCredential, provide a valid portal URL, a client ID, and a client secret. Optionally, you can specify the token expiration in minutes. Once the OAuthApplicationCredential is created, you will be able to access the token information using the asynchronous getTokenInfo() method.

1
2
3
4
5
6
7
final credential = OAuthApplicationCredential.create(
    portalUri: portalUri,
    clientId: 'clientId',
    clientSecret: 'clientSecret',
    tokenExpirationInterval: 5,
);
final tokenInfo = await credential.getTokenInfo();

Token credential

To create a TokenCredential, provide a secured service URL, valid username, and password. Optionally, you can specify token expiration minutes. Once a TokenCredential is created, you will be able to access token information from the asynchronous getTokenInfo() method.

1
2
3
4
5
6
7
final credential = await TokenCredential.create(
    uri: uri,
    username: 'username',
    password: 'password',
    tokenExpirationInterval: 5,
);
final tokenInfo = await credential.getTokenInfo();

Pregenerated token credential

To create a PregeneratedTokenCredential, provide a previously generated short or long-lived access token. Use this credential when the access token is created using the generateToken REST endpoint directly. You must provide the referer if one was used while generating the token.

1
2
3
4
5
6
7
8
9
10
final tokenInfo = TokenInfo.create(
    accessToken: 'accessToken',
    expirationDate: date,
    isSslRequired: true,
);
final credential = PregeneratedTokenCredential(
    uri: uri,
    tokenInfo: tokenInfo,
    referer: 'referer',
);

Network credentials

You can access resources secured by network authentication using the appropriate NetworkCredential:

• Password credentials: Use BasicNetworkCredential to authenticate HTTP Basic secured hosts, DigestNetworkCredential to authenticate HTTP Digest secured hosts and NtlmNetworkCredential to authenticate Integrated Windows Authentication (IWA) hosts using NTLM.

• Client certificate network credential - A credential that is used to authenticate Client Certificate (PKI) secured resources.

• Server trust network credential - A credential that specifies that a server should be trusted.

Password credentials

• The BasicNetworkCredential is used to authenticate HTTP Basic secured resources.

  Use dark colors for code blocksCopy

  1
  2
  3
  4
  5
  final basicNetworkCredential = BasicNetworkCredential.forChallenge(
    challenge,
    'username',
    'password',
  );

• The DigestNetworkCredential is used to authenticate HTTP Digest secured resources.

  Use dark colors for code blocksCopy

  1
  2
  3
  4
  5
  final digestNetworkCredential = DigestNetworkCredential.forChallenge(
    challenge,
    'username',
    'password',
  );

• The NtlmNetworkCredential is used to authenticate NTLM secured resources.

  Use dark colors for code blocksCopy

  1
  2
  3
  4
  5
  final ntlmNetworkCredential = NtlmNetworkCredential.forChallenge(
    challenge,
    'username',
    'password',
  );

Client certificate network credential

A ClientCertificateNetworkCredential is used to authenticate Public Key Infrastructure (PKI) secured resources. To create a client certificate network credential, pass in a string that represents the host, the URL for a .p12 or .pfx extension certificate file on disk and a password.

1
2
3
4
5
6
7
8
9
final privateKey = File(
  '/path/to/certificate.pfx',
).readAsBytesSync();

final clientCertificateNetworkCredential = ClientCertificateNetworkCredential.forChallenge(
  challenge,
  privateKey,
  'password',
);

Server trust network credential

To trust a development server that uses a self-signed certificate (untrusted host), create a ServerTrustNetworkCredential and specify that the server should be trusted.

1
2
final serverTrustNetworkCredential =
    ServerTrustNetworkCredential.forChallenge(challenge);