Access services with OAuth credentials | ArcGIS Maps SDK for Java

Learn how to implement user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more to access a secure ArcGIS serviceA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more with OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more.

You can use different types of authentication to access secured ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more. To implement OAuth credentials for user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more, you can use your ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more to register an app with your portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more and get a Client IDA Client ID is an identifier associated with an application that assists with client / server OAuth 2.0 authentication for ArcGIS client APIs.Learn more, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as user authentication. If the app uses premium ArcGIS OnlineArcGIS Online is a GIS mapping, analytics, data hosting, and content management software as a service (SaaS) product. It includes applications, tools, APIs, and location services for users and developers. It is subscription-based and requires an ArcGIS Online account.Learn more services that consume creditsCredits are the currency used by ArcGIS Online Organization accounts to account for data storage and location service consumption. Credits are consumed for specific transactions, such as accessing location services, and types of storage, such as storing features, performing analytics, and using premium content.Learn more, for example, the app user's account will be charged.

In this tutorial, you will build an app that implements user authentication using OAuth credentials so users can sign in and be authenticated through ArcGIS Online to access the ArcGIS World Traffic service.

Prerequisites

Before starting this tutorial:

You need an ArcGIS Location Platform or ArcGIS Online account.
Confirm that your system meets the minimum system requirements.
An IDE for Java.

Steps

Create OAuth credentials for user authentication

OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more are required to implement user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more. These credentials are created and stored as an Application itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more in your organization's portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more.

Go to the Create OAuth credentials for user authentication tutorial and create OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more using your ArcGIS Location PlatformAn ArcGIS Location Platform account, formerly known as an ArcGIS Developer account, is an identity associated with an ArcGIS Location Platform subscription.Learn more or ArcGIS OnlineAn ArcGIS Online account, also known as an ArcGIS Organization account, is an identity associated with an ArcGIS Online subscription. It can be used to access ArcGIS tools and develop applications with ArcGIS location services for an organization.Learn more account.
Copy the Client ID and Redirect URL as you will use them to implement user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more later in this tutorial. The Client ID is found on the Application itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more's Overview page, while the Redirect URL is found on the Settings page.

The Client ID uniquely identifies your app on the authenticating server. If the server cannot find an app with the provided Client ID, it will not proceed with authentication.

The Redirect URL (also referred to as a callback url) is used to identify a response from the authenticating server when the system returns control back to your app after an OAuth login. Since it does not necessarily represent a valid endpoint that a user could navigate to, the redirect URL can use a custom scheme, such as my-app://. You can configure several redirect URLs in your application definition and can remove or edit them. It's important to make sure the redirect URL used in your app's code matches a redirect URL configured for the application.

Open a Java project with Gradle

To start this tutorial, complete the Display a map tutorial, or download and unzip the Display a map solution into a new folder.
Open the build.gradle file as a project in IntelliJ IDEA.

Delete the code that sets your API Key. Since your app will be using OAuth, you will not need an API Key.

App.java
Use dark colors for code blocks
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
50
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
51
Remove line    ArcGISRuntimeEnvironment.setApiKey("YOUR_ACCESS_TOKEN");

Prepare files before coding the app

Modify the files from the Display a map tutorial so they can be used in this tutorial: you will add imports, change the application title, and modify the view point's scale.

In IntelliJ IDEA, locate the Project tool window, open src/main/java/com.example.app, and double-click App. Add the following imports, replacing those from the Display a map tutorial.

In the main menu of IntelliJ IDEA, click View > Tool Windows > Project. The Project Tool window displays, with a vertical tab on the left that says Project.
Inside the Project tool window, your view name should also be Project. If the view name is something else (such as Packages or Project Files), click on the leftmost control in the title bar of the Project tool window, and select Project from the drop-down list.

App.java
Use dark colors for code blocks
package com.example.app;

import com.esri.arcgisruntime.ArcGISRuntimeEnvironment;
import javafx.application.Application;
import javafx.scene.Scene;
import javafx.scene.layout.StackPane;
import javafx.stage.Stage;

import com.esri.arcgisruntime.layers.ArcGISMapImageLayer;
import com.esri.arcgisruntime.mapping.ArcGISMap;
import com.esri.arcgisruntime.mapping.BasemapStyle;
import com.esri.arcgisruntime.mapping.Viewpoint;
import com.esri.arcgisruntime.mapping.view.MapView;
import com.esri.arcgisruntime.security.AuthenticationManager;
import com.esri.arcgisruntime.security.DefaultAuthenticationChallengeHandler;
import com.esri.arcgisruntime.security.OAuthConfiguration;

public class App extends Application {

In the start() life cycle method, change the title that will appear on the application window to Access services with OAuth 2.0. In addition, add the try statement, which will be closed later on in the tutorial.

App.java
Use dark colors for code blocks
  @Override
  public void start(Stage stage) {

    try {

      // set title, size, and add scene to stage
      stage.setTitle("Access services with OAuth 2.0");

      stage.setWidth(800);
      stage.setHeight(700);
      stage.show();

Change the scale of the map's initial viewpoint to 72000. This scale will make the secured layer visible without zooming in.

App.java
Expand
Use dark colors for code blocks
      ArcGISMap map = new ArcGISMap(BasemapStyle.ARCGIS_TOPOGRAPHIC);

      // set the map on the map view
      mapView.setMap(map);

      mapView.setViewpoint(new Viewpoint(34.02700, -118.80543, 72000.0 ));
Expand

Implement user authentication using OAuth 2.0

This API abstracts some of the details for user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more using OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more in your app. You can use classes such as AuthenticationManager to request, store, and manage credentials for secure resources.

Add code to set up the AuthenticationManager, which launches a small browser window titled Authentication Required. The user must enter log-in credentials before proceeding.

In the start() method, after the line that calls mapView.setViewpoint(), create an OAuthConfiguration.
App.java
Expand
Use dark colors for code blocks
```
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
      mapView.setViewpoint(new Viewpoint(34.02700, -118.80543, 72000.0 ));

      // set up an OAuth config with URL to portal, a Client ID and a Redirect URL
      OAuthConfiguration oAuthConfiguration = new OAuthConfiguration("YOUR-ORGANIZATION-URL", "YOUR-APP-CLIENT-ID", "YOUR-APP-REDIRECT-URL");
```
Expand
The OAuthConfiguration constructor takes three parameters:
- "YOUR-ORGANIZATION-URL": the URL for your organization's portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more associated with the ArcGIS Location PlatformAn ArcGIS Location Platform account, formerly known as an ArcGIS Developer account, is an identity associated with an ArcGIS Location Platform subscription.Learn more or ArcGIS OnlineAn ArcGIS Online account, also known as an ArcGIS Organization account, is an identity associated with an ArcGIS Online subscription. It can be used to access ArcGIS tools and develop applications with ArcGIS location services for an organization.Learn more account you signed in with during Create OAuth credentials for user authentication above.
  Note
  If you can't remember the URL associated with your ArcGIS Location Platform or ArcGIS Online account, do the following:
  
  Sign in to your portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more with your ArcGIS Location Platform or ArcGIS Online account.
  
  The URL for your organization will be visible in the browser's address bar. The format of the URL is: https://<short-name>.maps.arcgis.com.
- "YOUR-APP-CLIENT-ID": the Client ID from your Application itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more's Overview tab in your portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more.
- "YOUR-APP-REDIRECT-URL": the Redirect URL from your Application itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more's Settings tab in your portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more.

Create a DefaultAuthenticationChallengeHandler and set it on the AuthenticationManager. Then add the oAuthConfiguration to the AuthenticationManager.

App.java
Expand
Use dark colors for code blocks
      mapView.setViewpoint(new Viewpoint(34.02700, -118.80543, 72000.0 ));

      // set up an OAuth config with URL to portal, a Client ID and a Redirect URL
      OAuthConfiguration oAuthConfiguration = new OAuthConfiguration("YOUR-ORGANIZATION-URL", "YOUR-APP-CLIENT-ID", "YOUR-APP-REDIRECT-URL");

      // set up the authentication manager to handle authentication challenges
      DefaultAuthenticationChallengeHandler defaultAuthenticationChallengeHandler = new DefaultAuthenticationChallengeHandler();
      AuthenticationManager.setAuthenticationChallengeHandler(defaultAuthenticationChallengeHandler);
      // add the OAuth configuration
      AuthenticationManager.addOAuthConfiguration(oAuthConfiguration);
Expand

Create a file named style.css to specify the visual display of the Authentication Required browser window.

In the Project tool window, open src > main and right-click the main folder. In the context menu, click New > Directory and click resources under Gradle Source Sets. Hit Enter to create the folder.
In the Project tool window, right-click the resources folder. In the context menu, click New > File and name the file style.css.

Copy the code displayed below and paste it into the style.css file.

style.css
Use dark colors for code blocks

.panel-region .label {
  -fx-text-fill: white;
}

.label {
  -fx-text-fill: black;
}

.slider .axis {
    -fx-tick-label-fill: white;
}

.range-slider .axis {
    -fx-tick-label-fill: white;
}

.panel-region .check-box {
   -fx-text-fill: white;
}

.panel-region .radio-button {
   -fx-text-fill: white;
}

.color-picker .color-picker-label {
   -fx-text-fill: black;
}

Add a traffic layer

You will add a layer to display the ArcGIS World Traffic service, a dynamic map service that presents historical and near real-time traffic information for different regions in the world. This is a secure service and requires an ArcGIS Online organizational subscription.

ArcGIS World Traffic service data is updated every five minutes to provide traffic speed and traffic incident visualization and identification.

Traffic speeds are displayed as a percentage of free-flow speeds, which is frequently the speed limit or how fast cars tend to travel when unencumbered by other vehicles. The streets are color coded as follows:

Green (fast): 85 - 100% of free flow speeds
Yellow (moderate): 65 - 85%
Orange (slow); 45 - 65%
Red (stop and go): 0 - 45%

Create an ArcGISMapImageLayer to display the traffic service. Then add the layer to the map's collection of data layers (operational layers). In addition, you'll add the catch statement that corresponds to the try statement added earlier in the tutorial.

App.java
Expand
Use dark colors for code blocks
      // set up an OAuth config with URL to portal, a Client ID and a Redirect URL
      OAuthConfiguration oAuthConfiguration = new OAuthConfiguration("YOUR-ORGANIZATION-URL", "YOUR-APP-CLIENT-ID", "YOUR-APP-REDIRECT-URL");

      // set up the authentication manager to handle authentication challenges
      DefaultAuthenticationChallengeHandler defaultAuthenticationChallengeHandler = new DefaultAuthenticationChallengeHandler();
      AuthenticationManager.setAuthenticationChallengeHandler(defaultAuthenticationChallengeHandler);
      // add the OAuth configuration
      AuthenticationManager.addOAuthConfiguration(oAuthConfiguration);

      ArcGISMapImageLayer trafficLayer = new ArcGISMapImageLayer("https://traffic.arcgis.com/arcgis/rest/services/World/Traffic/MapServer");

      map.getOperationalLayers().add(trafficLayer);
    } catch (Exception e) {
      // on any error, display the stack trace.
      e.printStackTrace();
    }

  }
Expand

Run the app. Ensure to run the app as a Gradle task and not as an application in your IDE. In the Gradle tool window, under Tasks > application, double-click run.

You should initially see the mapA map is a collection of layers that are displayed in 2D. It is typically composed of a basemap layer and data layers.Learn more with the topographic basemap layerA basemap layer is the layer in a map or scene that displays basemap data. The data source for a basemap layer is typically a basemap service.Learn more centered on the Santa Monica Mountains in California. You will then be prompted for an ArcGIS Online username and password. After you authenticate successfully with ArcGIS Online, the traffic layer will appear in the map.