Learn how to authenticate a user to access a secure ArcGIS service with OAuth 2.0.
In this tutorial, you will build an app that uses named user login credentials to access a secure ArcGIS service using OAuth 2.0.
The ArcGIS Platform supports several authentication methods that you can implement to access ArcGIS premium services and secure content. To implement OAuth 2.0, you can use your ArcGIS account to register an application and get a client ID, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as "named user" or ArcGIS identity authentication. If the app uses premium services that consume credits, the app user's account will be charged.
You will implement OAuth 2.0 so users can sign in to ArcGIS to access the ArcGIS Traffic Layer service.
Use the ArcGIS Developer dashboard to register your app, generate a client ID, and set a redirect URI to access the secure service.
Use this redirect URL when creating the OAuthConfiguration when iOS returns control back to your app after OAuth 2.0 login. If you change this value, you must change it everywhere it is referenced.
Sign in to your ArcGIS developer account. If you don't already have one, sign-up for free. You need to sign in so you can create an application and get a client ID for authentication.
Click the OAuth 2.0 tab in the ribbon at the top.
Click the New Application button in the upper-left of the page.
In the Create New Application window, provide a Name and an optional Description for your app and click Create application. When the application is created, it will have a Client ID, a Client Secret, and a Temporary Token property you can view.
Click the Add URI button at the bottom of the page to add a redirect URL.
In the Add Allowed URI window, type my-app://auth and click Add.
You'll use the Client ID and the redirect URL in your iOS app.
Open a Xcode project
To start the tutorial, complete the Display a map tutorial or download and unzip the solution.
Open the .xcodeproj file in Xcode.
If you downloaded the solution project, set your API key.
An API Key enables access to services, web maps, and web scenes hosted in ArcGIS Online.
Go to your developer dashboard to get your API key.
For these tutorials, use your default API key. It is scoped to include all of the services demonstrated in the tutorials.
In Xcode, in the Project Navigator, click AppDelegate.swift.
In the editor, set the APIKey property on the AGSArcGISRuntimeEnvironment with your API key.
AppDelegate.swift
Use dark colors for code blocks
Change line
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
// Copyright 2021 Esri//// Licensed under the Apache License, Version 2.0 (the "License");// you may not use this file except in compliance with the License.// You may obtain a copy of the License at//// https://www.apache.org/licenses/LICENSE-2.0//// Unless required by applicable law or agreed to in writing, software// distributed under the License is distributed on an "AS IS" BASIS,// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.// See the License for the specific language governing permissions and// limitations under the License.import UIKit
import ArcGIS
@UIApplicationMainclassAppDelegate: UIResponder, UIApplicationDelegate{
var window: UIWindow?
funcapplication(_application: UIApplication,
didFinishLaunchingWithOptionslaunchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
// Note: it is not best practice to store API keys in source code.// The API key is referenced here for the convenience of this tutorial.AGSArcGISRuntimeEnvironment.apiKey ="YOUR_API_KEY"returntrue }
}
Set the app settings
Create a new Swift file and define constants you'll need in the app.
Add a new Swift file to your Xcode project named AppConfiguration. You will use this file to hold configuration constants required by your app.
In Xcode's app menu, select File > New > File.
Select Swift File from the Source sub-menu.
Name the file AppConfiguration and ensure your app's target is checked.
Click create.
Add the following to AppConfiguration.swift. Then, change "YOUR-APP-CLIENT-ID" to the Client ID obtained from the first step above. Update the URL scheme and path to match your Redirect URIs entry.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
// Copyright 2021 Esri//// Licensed under the Apache License, Version 2.0 (the "License");// you may not use this file except in compliance with the License.// You may obtain a copy of the License at//// https://www.apache.org/licenses/LICENSE-2.0//// Unless required by applicable law or agreed to in writing, software// distributed under the License is distributed on an "AS IS" BASIS,// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.// See the License for the specific language governing permissions and// limitations under the License.import Foundation
extensionString{
staticlet clientID ="YOUR-APP-CLIENT-ID"staticlet urlScheme ="my-app"staticvar redirectURL: String { "\(urlScheme)://" }
staticlet keychainIdentifier ="\(Bundle.main.bundleIdentifier!).keychainIdentifier"}
extensionURL{
staticlet trafficLayerURL =URL(string: "https://traffic.arcgis.com/arcgis/rest/services/World/Traffic/MapServer")!}
Replace the client_id and redirect_url values with the values shown on the authentication tab of your application definition.
Add layer to map
Add an operational layer to the map and test run the app.
Open ViewController.swift and update the existing setupMap() method to add the World Traffic layer to the map.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// Copyright 2021 Esri//// Licensed under the Apache License, Version 2.0 (the "License");// you may not use this file except in compliance with the License.// You may obtain a copy of the License at//// https://www.apache.org/licenses/LICENSE-2.0//// Unless required by applicable law or agreed to in writing, software// distributed under the License is distributed on an "AS IS" BASIS,// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.// See the License for the specific language governing permissions and// limitations under the License.import UIKit
import ArcGIS
classViewController: UIViewController{
@IBOutletweakvar mapView: AGSMapView!
privatefuncsetupMap() {
let map =AGSMap(
basemapStyle: .arcGISTopographic
)
mapView.map = map
mapView.setViewpoint(
AGSViewpoint(
latitude: 34.02700,
longitude: -118.80500,
scale: 72_000 )
)
let trafficLayer =AGSArcGISMapImageLayer(url: .trafficLayerURL)
map.operationalLayers.add(trafficLayer)
}
overridefuncviewDidLoad() {
super.viewDidLoad()
setupMap()
}
}
Press <Command+R> to run the app.
Only the basemap displays in the map. The traffic layer will not load until you use the AGSAuthenticationManager to log in with an authorized account.
Integrate OAuth 2.0 into your app
Add OAuth components to your app, including adding the redirect URL to the app's plist file, and setting up AGSAuthenticationManager.
Configure a redirect URL scheme for your app. Right-click on info.plist file in the Project Navigator and then select Open As > / Source Code. Edit the file just after the opening top-level <dict> tag and add the following XML:
Be sure to use your exact bundle identifier for your app.
Use the scheme part of the Redirect URI you configured in the application definition, but without the path (everything before the ://). This is how OAuth 2.0 in iOS is able to return information about the authentication process back to your app. Note these strings must match exactly.
Open AppDelegate.swift to setup the AGSAuthenticationManager in your AppDelegate. Import the ArcGIS library.
AppDelegate.swift
Use dark colors for code blocks
Add line.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
// Copyright 2021 Esri//// Licensed under the Apache License, Version 2.0 (the "License");// you may not use this file except in compliance with the License.// You may obtain a copy of the License at//// https://www.apache.org/licenses/LICENSE-2.0//// Unless required by applicable law or agreed to in writing, software// distributed under the License is distributed on an "AS IS" BASIS,// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.// See the License for the specific language governing permissions and// limitations under the License.import UIKit
import ArcGIS
@UIApplicationMainclassAppDelegate: UIResponder, UIApplicationDelegate{
var window: UIWindow?
funcapplication(_application: UIApplication,
didFinishLaunchingWithOptionslaunchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
setupOAuthManager()
returntrue }
}
// MARK: - OAuthextensionAppDelegate{
privatefuncsetupOAuthManager() {
// Initialize OAuth configuration with client ID and redirect URL.let config =AGSOAuthConfiguration(portalURL: nil,
clientID: .clientID,
redirectURL: .redirectURL)
// Add OAuth configuration to authentication manager.AGSAuthenticationManager.shared()
.oAuthConfigurations
.add(config)
// Enable auto-sync to keychain on the auth manager's credential cache.AGSAuthenticationManager.shared()
.credentialCache
.enableAutoSyncToKeychain(withIdentifier: .keychainIdentifier,
accessGroup: nil,
acrossDevices: false)
}
}
Add a new method to setup the authentication manager in AppDelegate.swift. This code creates a configuration with the parameters you assigned to your app in AppConfiguration and then assigns that configuration to the AGSAuthenticationManager. The credentials are also saved in the device's keychain.
To construct the required redirectURL, combine the urlScheme and urlAuthPath from your AppConfiguration separated with ://.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
// Copyright 2021 Esri//// Licensed under the Apache License, Version 2.0 (the "License");// you may not use this file except in compliance with the License.// You may obtain a copy of the License at//// https://www.apache.org/licenses/LICENSE-2.0//// Unless required by applicable law or agreed to in writing, software// distributed under the License is distributed on an "AS IS" BASIS,// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.// See the License for the specific language governing permissions and// limitations under the License.import UIKit
import ArcGIS
@UIApplicationMainclassAppDelegate: UIResponder, UIApplicationDelegate{
var window: UIWindow?
funcapplication(_application: UIApplication,
didFinishLaunchingWithOptionslaunchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
setupOAuthManager()
returntrue }
}
// MARK: - OAuthextensionAppDelegate{
privatefuncsetupOAuthManager() {
// Initialize OAuth configuration with client ID and redirect URL.let config =AGSOAuthConfiguration(portalURL: nil,
clientID: .clientID,
redirectURL: .redirectURL)
// Add OAuth configuration to authentication manager.AGSAuthenticationManager.shared()
.oAuthConfigurations
.add(config)
// Enable auto-sync to keychain on the auth manager's credential cache.AGSAuthenticationManager.shared()
.credentialCache
.enableAutoSyncToKeychain(withIdentifier: .keychainIdentifier,
accessGroup: nil,
acrossDevices: false)
}
}
Add a call to setupOAuthManager() from the application launch.
AppDelegate.swift
Use dark colors for code blocks
Add line.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
// Copyright 2021 Esri//// Licensed under the Apache License, Version 2.0 (the "License");// you may not use this file except in compliance with the License.// You may obtain a copy of the License at//// https://www.apache.org/licenses/LICENSE-2.0//// Unless required by applicable law or agreed to in writing, software// distributed under the License is distributed on an "AS IS" BASIS,// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.// See the License for the specific language governing permissions and// limitations under the License.import UIKit
import ArcGIS
@UIApplicationMainclassAppDelegate: UIResponder, UIApplicationDelegate{
var window: UIWindow?
funcapplication(_application: UIApplication,
didFinishLaunchingWithOptionslaunchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
setupOAuthManager()
returntrue }
}
// MARK: - OAuthextensionAppDelegate{
privatefuncsetupOAuthManager() {
// Initialize OAuth configuration with client ID and redirect URL.let config =AGSOAuthConfiguration(portalURL: nil,
clientID: .clientID,
redirectURL: .redirectURL)
// Add OAuth configuration to authentication manager.AGSAuthenticationManager.shared()
.oAuthConfigurations
.add(config)
// Enable auto-sync to keychain on the auth manager's credential cache.AGSAuthenticationManager.shared()
.credentialCache
.enableAutoSyncToKeychain(withIdentifier: .keychainIdentifier,
accessGroup: nil,
acrossDevices: false)
}
}
Press <Command+R> to run the app in the iOS Simulator.
Other ways to run the project in Xcode:
In Xcode's app menu, select Product > Run.
Press the Run button at the top-left of the Xcode project window.
