Learn how to authenticate a user to access a secure ArcGIS service with OAuth 2.0.
In this tutorial, you will build an app that uses named user login credentials to access a secure ArcGIS service using OAuth 2.0.
You can use different authentication methods to access ArcGIS location services. To implement OAuth 2.0, you can use your ArcGIS account to register an application and get a client ID, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as user authentication. If the app uses premium services that consume credits, the app user's account will be charged.
You will implement OAuth 2.0 so users can sign in to ArcGIS to access the ArcGIS World Traffic service.
Prerequisites
The following is required for this tutorial:
- Your system meets the system requirements.
Steps
Configure OAuth 2.0 for your app
Use the ArcGIS Developer dashboard to register your app, generate a client ID, and set a redirect URI to access the secure service.
Use this redirect URL when creating the OAuth
when iOS returns control back to your app after OAuth 2.0 login. If you change this value, you must change it everywhere it is referenced.
-
Sign in to your ArcGIS developer account. If you don't already have one, sign-up for free. You need to sign in so you can create an application and get a client ID for authentication.
-
Click the OAuth 2.0 tab in the ribbon at the top.
-
Click the New Application button in the upper-left of the page.
-
In the Create New Application window, provide a Name and an optional Description for your app and click Create application. When the application is created, it will have a
Client ID
, aClient Secret
, and aTemporary Token
property you can view. -
Click the Add URI button at the bottom of the page to add a redirect URL.
-
In the Add Allowed URI window, type
my-app:
and click Add.//auth You'll use the
Client ID
and theredirect URL
in your iOS app.
Open the Xcode project
-
To start the tutorial, complete the Display a map tutorial or download and unzip the solution.
-
Open the
.xcodeproj
file in Xcode.
Set the app settings
Create a new Swift file and define constants you'll need in the app.
-
Add a new Swift file to your Xcode project named
App
. You will use this file to hold configuration constants required by your app.Configuration - In Xcode's app menu, select File > New > File.
- Select
Swift File
from theSource
sub-menu. - Name the file
App
and ensure your app's target is checked.Configuration - Click create.
-
Add the following to AppConfiguration.swift. Then, change
"YOUR-APP-CLIENT-ID"
to the Client ID obtained from the first step above. Update the URL scheme and path to match your Redirect URIs entry.AppConfiguration.swiftUse dark colors for code blocks extension String { static let clientID = "YOUR-APP-CLIENT-ID" static let urlScheme = "my-app" static var redirectURL: String { "\(urlScheme)://" } static let keychainIdentifier = "\(Bundle.main.bundleIdentifier!).keychainIdentifier" } extension URL { static let trafficLayerURL = URL(string: "https://traffic.arcgis.com/arcgis/rest/services/World/Traffic/MapServer")! }
- Replace the
client_
andid redirect_
values with the values shown on the authentication tab of your application definition.url
- Replace the
Add layer to map
Add an operational layer to the map and test run the app.
-
Open ViewController.swift and update the existing
setup
method to add the World Traffic layer to the map.Map() The World Traffic layer is a premium service on ArcGIS Online that requires authentication for access.
ViewController.swiftUse dark colors for code blocks let trafficLayer = AGSArcGISMapImageLayer(url: .trafficLayerURL) map.operationalLayers.add(trafficLayer)
-
Press <Command+R> to run the app.
Only the basemap displays in the map. The traffic layer will not load until you use the AGSAuthentication
to log in with an authorized account.
Integrate OAuth 2.0 into your app
Add OAuth components to your app, including adding the redirect URL
to the app's plist
file, and setting up AGSAuthentication
.
-
Configure a redirect URL scheme for your app. Right-click on info.plist file in the Project Navigator and then select Open As > / Source Code. Edit the file just after the opening top-level
<dict>
tag and add the following XML:Be sure to use your exact bundle identifier for your app.
Use the scheme part of the Redirect URI you configured in the application definition, but without the path (everything before the
://
). This is how OAuth 2.0 in iOS is able to return information about the authentication process back to your app. Note these strings must match exactly.Info.plistUse dark colors for code blocks <key>CFBundleURLTypes</key> <array> <dict> <key>CFBundleTypeRole</key> <string>Editor</string> <key>CFBundleURLName</key> <string>com.esri.access-services-with-oauth</string> <key>CFBundleURLSchemes</key> <array> <string>my-app</string> </array> </dict> </array>
-
Open AppDelegate.swift to setup the
AGSAuthentication
in yourManager App
. Import the ArcGIS library.Delegate AppDelegate.swiftUse dark colors for code blocks import UIKit import ArcGIS
-
Add a new method to setup the authentication manager in
App
. This code creates a configuration with the parameters you assigned to your app inDelegate.swift App
and then assigns that configuration to theConfiguration AGSAuthentication
. The credentials are also saved in the device's keychain.Manager To construct the required
redirect
, combine theURL url
andScheme url
from yourAuth Path App
separated withConfiguration ://
.AppDelegate.swiftUse dark colors for code blocks // MARK: - OAuth extension AppDelegate { private func setupOAuthManager() { // Initialize OAuth configuration with client ID and redirect URL. let config = AGSOAuthConfiguration(portalURL: nil, clientID: .clientID, redirectURL: .redirectURL) // Add OAuth configuration to authentication manager. AGSAuthenticationManager.shared() .oAuthConfigurations .add(config) // Enable auto-sync to keychain on the auth manager's credential cache. AGSAuthenticationManager.shared() .credentialCache .enableAutoSyncToKeychain(withIdentifier: .keychainIdentifier, accessGroup: nil, acrossDevices: false) } }
-
Add a call to
setup
from the application launch.OAuth Manager() AppDelegate.swiftUse dark colors for code blocks func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool { setupOAuthManager() return true }
-
Press Command + R to run the app.
If you are using the Xcode simulator your system must meet these minimum requirements: macOS Big Sur 11.3, Xcode 13, iOS 13. If you are using a physical device, then refer to the system requirements.
What's next?
Learn how to use additional API features, ArcGIS location services, and ArcGIS tools in these tutorials: