Access services with OAuth 2.0

Learn how to authenticate a user to access a secure ArcGIS service with OAuth 2.0.

access services with oauth 2

In this tutorial, you will build an app that uses named user login credentials to access a secure ArcGIS service using OAuth 2.0.

You can use different authentication methods to access ArcGIS location services. To implement OAuth 2.0, you can use your ArcGIS account to register an application and get a client ID, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as "named user" or ArcGIS identity authentication. If the app uses premium services that consume credits, the app user's account will be charged.

You will implement OAuth 2.0 so users can sign in to ArcGIS to access the ArcGIS World Traffic service.

Prerequisites

The following is required for this tutorial:

  1. Your system meets the system requirements.

Steps

Configure OAuth 2.0 for your app

Use the ArcGIS Developer dashboard to register your app, generate a client ID, and set a redirect URI to access the secure service.

Use this redirect URL when creating the OAuthConfiguration when iOS returns control back to your app after OAuth 2.0 login. If you change this value, you must change it everywhere it is referenced.

  1. Sign in to your ArcGIS developer account. If you don't already have one, sign-up for free. You need to sign in so you can create an application and get a client ID for authentication.

  2. Click the OAuth 2.0 tab in the ribbon at the top.

  3. Click the New Application button in the upper-left of the page.

  4. In the Create New Application window, provide a Name and an optional Description for your app and click Create application. When the application is created, it will have a Client ID, a Client Secret, and a Temporary Token property you can view.

  5. Click the Add URI button at the bottom of the page to add a redirect URL.

  6. In the Add Allowed URI window, type my-app://auth and click Add.

    You'll use the Client ID and the redirect URL in your iOS app.

Open the Xcode project

  1. To start the tutorial, complete the Display a map tutorial or download and unzip the solution.

  2. Open the .xcodeproj file in Xcode.

Set the app settings

Create a new Swift file and define constants you'll need in the app.

  1. Add a new Swift file to your Xcode project named AppConfiguration. You will use this file to hold configuration constants required by your app.

    • In Xcode's app menu, select File > New > File.
    • Select Swift File from the Source sub-menu.
    • Name the file AppConfiguration and ensure your app's target is checked.
    • Click create.
  2. Add the following to AppConfiguration.swift. Then, change "YOUR-APP-CLIENT-ID" to the Client ID obtained from the first step above. Update the URL scheme and path to match your Redirect URIs entry.

    AppConfiguration.swift
    Expand
    Use dark colors for code blocks
                              
    Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    extension String {
        static let clientID = "YOUR-APP-CLIENT-ID"
        static let urlScheme = "my-app"
        static var redirectURL: String { "\(urlScheme)://" }
        static let keychainIdentifier = "\(Bundle.main.bundleIdentifier!).keychainIdentifier"
    }
    
    extension URL {
        static let trafficLayerURL = URL(string: "https://traffic.arcgis.com/arcgis/rest/services/World/Traffic/MapServer")!
    }
    • Replace the client_id and redirect_url values with the values shown on the authentication tab of your application definition.

Add layer to map

Add an operational layer to the map and test run the app.

  1. Open ViewController.swift and update the existing setupMap() method to add the World Traffic layer to the map.

    The World Traffic layer is a premium service on ArcGIS Online that requires authentication for access.

    ViewController.swift
    Expand
    Use dark colors for code blocks
                                                 
    Add line.Add line.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
            let trafficLayer = AGSArcGISMapImageLayer(url: .trafficLayerURL)
            map.operationalLayers.add(trafficLayer)
    
    Expand
  2. Press <Command+R> to run the app.

Only the basemap displays in the map. The traffic layer will not load until you use the AGSAuthenticationManager to log in with an authorized account.

Integrate OAuth 2.0 into your app

Add OAuth components to your app, including adding the redirect URL to the app's plist file, and setting up AGSAuthenticationManager.

  1. Configure a redirect URL scheme for your app. Right-click on info.plist file in the Project Navigator and then select Open As > / Source Code. Edit the file just after the opening top-level <dict> tag and add the following XML:

    Be sure to use your exact bundle identifier for your app.

    Use the scheme part of the Redirect URI you configured in the application definition, but without the path (everything before the ://). This is how OAuth 2.0 in iOS is able to return information about the authentication process back to your app. Note these strings must match exactly.

    Info.plist
    Expand
    Use dark colors for code blocks
                                                                 
    Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    	<key>CFBundleURLTypes</key>
    	<array>
    		<dict>
    			<key>CFBundleTypeRole</key>
    			<string>Editor</string>
    			<key>CFBundleURLName</key>
    			<string>com.esri.access-services-with-oauth</string>
    			<key>CFBundleURLSchemes</key>
    			<array>
    				<string>my-app</string>
    			</array>
    		</dict>
    	</array>
    
    Expand
  2. Open AppDelegate.swift to setup the AGSAuthenticationManager in your AppDelegate. Import the ArcGIS library.

    AppDelegate.swift
    Expand
    Use dark colors for code blocks
                                                           
    Add line.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    import UIKit
    
    import ArcGIS
    
    Expand
  3. Add a new method to setup the authentication manager in AppDelegate.swift. This code creates a configuration with the parameters you assigned to your app in AppConfiguration and then assigns that configuration to the AGSAuthenticationManager. The credentials are also saved in the device's keychain.

    To construct the required redirectURL, combine the urlScheme and urlAuthPath from your AppConfiguration separated with ://.

    AppDelegate.swift
    Expand
    Use dark colors for code blocks
                                                           
    Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.Add line.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    // MARK: - OAuth
    extension AppDelegate {
        private func setupOAuthManager() {
            // Initialize OAuth configuration with client ID and redirect URL.
            let config = AGSOAuthConfiguration(portalURL: nil,
                                               clientID: .clientID,
                                               redirectURL: .redirectURL)
            // Add OAuth configuration to authentication manager.
            AGSAuthenticationManager.shared()
                .oAuthConfigurations
                .add(config)
            // Enable auto-sync to keychain on the auth manager's credential cache.
            AGSAuthenticationManager.shared()
                .credentialCache
                .enableAutoSyncToKeychain(withIdentifier: .keychainIdentifier,
                                          accessGroup: nil,
                                          acrossDevices: false)
        }
    }
  4. Add a call to setupOAuthManager() from the application launch.

    AppDelegate.swift
    Expand
    Use dark colors for code blocks
                                                           
    Add line.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
        func application(_ application: UIApplication,
                         didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
    
            setupOAuthManager()
    
            return true
        }
    
    Expand
  5. Press <Command+R> to run the app.

    If you are using the Xcode simulator your system must meet these minimum requirements: macOS Big Sur 11.3, Xcode 13, iOS 13. If you are using a physical device, then refer to the system requirements.

What's next?

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.