• esri/identity

OAuthInfo

AMD: require(["esri/identity/OAuthInfo"], (OAuthInfo) => { /* code goes here */ });
ESM: import OAuthInfo from "@arcgis/core/identity/OAuthInfo";
Class: esri/identity/OAuthInfo
Inheritance: OAuthInfo Accessor
Since: ArcGIS API for JavaScript 4.0

This class contains information about an OAuth 2.0 configuration. Use it in combination with the IdentityManager widget to aid in working with OAuth 2.0 authentication.

One-step authentication has been superseded by the recommended two-step approach with Proof Key for Code Exchange (PKCE).

This update coincides with recommendations in the OAuth 2.1 specification. Although one-step authentication is still supported, the API will no longer default to this. If needing to retain this setting, it is necessary to set flowType to implicit.

Please refer to the 4.23 Release Notes for additional information regarding this update.

See also

Constructors

new OAuthInfo(properties)
Parameter
properties Object
optional

See the properties for a list of all the properties that may be passed into the constructor.

Example
require(["esri/identity/OAuthInfo", "esri/identity/IdentityManager"],
function (OAuthInfo, esriId)
{
  let info = new OAuthInfo({
    appId: "<put client id here>",
    flowType: "authorization-code" // this is needed for popups, otherwise it will revert to implicit flow
    popup: true // make sure to set callback page to one that supports authentication type
  });

  esriId.registerOAuthInfos([info]);
})

Property Overview

Any properties can be set, retrieved or listened to. See the Working with Properties topic.
Show inherited properties Hide inherited properties
Name Type Summary Class
String

The registered application id.

more details
OAuthInfo
String

Applications with the same value will share the stored token on the same host.

more details
OAuthInfo
String

The name of the class.

more details
Accessor
Number

The number of minutes that the token is valid.

more details
OAuthInfo
String

Set this property to specify the type of authentication to use.

more details
OAuthInfo
Boolean

Set this property to true to force the user to sign in with the id in userId.

more details
OAuthInfo
String

The locale for the OAuth sign-in page.

more details
OAuthInfo
Number

The minimum time in minutes before a saved token is due to expire that should still be considered valid for use.

more details
OAuthInfo
Boolean

Set to true to show the OAuth sign-in page in a popup window.

more details
OAuthInfo
String

Applicable if working with the popup user-login workflow.

more details
OAuthInfo
String

The window features passed to window.open().

more details
OAuthInfo
String

The ArcGIS Enterprise portal URL.

more details
OAuthInfo
Boolean

Set this property to true when popup is false in order to have the window's location hash value restored after signing in.

more details
OAuthInfo
String

The user id used when forceUserId is true.

more details
OAuthInfo

Property Details

appId String

The registered application id.

authNamespace String

Applications with the same value will share the stored token on the same host.

Default Value:/ (forward slash)
declaredClass Stringreadonly inherited
Since: ArcGIS API for JavaScript 4.7

The name of the class. The declared class name is formatted as esri.folder.className.

expiration Number

The number of minutes that the token is valid.

Default Value:20160 (two weeks)
flowType String
Since: ArcGIS API for JavaScript 4.23

Set this property to specify the type of authentication to use. One-step authentication has been superseded in favor of the recommended two-step approach (ie. grant_type=authorization-code).

This update coincides with recommendations in the OAuth 2.1 recommendation.

Possible Value Description
auto Automatically defaults to two-step authentication with PKCE if accessing resources from ArcGIS Online or ArcGIS Enterprise version 10.9 or higher and popup is false. One-step authentication is used if accessing an earlier version of ArcGIS Enterprise or if popup is true. If a popup is needed, use the authorization-code flow described below.
authorization-code Similar to auto, this also uses two-step authentication with PKCE. Use this type for applications using a popup. This does not check the server version. Do not use this type if accessing resources on older server versions without PKCE support.
implicit One-step authentication. This is no longer a recommended approach and has been superseded by two-step authentication. Use this type if working with older server versions (ie. prior to 10.9). Please refer to OAuth 2.0 Security Best Current Practices for additional information.

When signing into an application via a popup, the referenced callback page should be compatible for whatever authentication type is used. The default oauth-callback.html has been updated to allow for these updates in the two-step approach, although it will still work if using the one-step flow.

Possible Values:"auto"|"authorization-code"|"implicit"

Default Value:auto
Examples
// Default workflow
let infoAuto = new OAuthInfo({
  appId: "<put client id here>",
  flowType: "auto" // Default. If using a supported server/portal version and no popup, two-step authentication is used. If not, reverts to `implicit`.
  popup: false // Default
});
// Two-step workflow
let infoCode = new OAuthInfo({
  appId: "<put client id here>",
  flowType: "authorization-code" //  If using supported server/portal version and a popup, two-step authentication is used.
  popup: true,
  popupCallbackUrl: "oauth-callback.html" // Make sure the callback page supports this approach
});
// One-step workflow
let infoImplicit = new OAuthInfo({
  appId: "<put client id here>",
  flowType: "implicit" // no longer recommended. Should be used if working with older versions of Server/Portal, (ie. <10.9).
  popup: true,
  popupCallbackUrl: "oauth-callback.html" // Updated callback page works with both two-step and one-step authentication
});
forceUserId Boolean
Since: ArcGIS API for JavaScript 4.18

Set this property to true to force the user to sign in with the id in userId. If the userId is not set, it will update after the user signs in. If the token expires, the same user will be required to sign in again.

Default Value:false
See also
locale String

The locale for the OAuth sign-in page. The default locale is based on your browser/OS and the organization locale. You can use this property to change this. The locale needs to follow the language dash country code syntax supported by ArcGIS.com.

Default Value:Based on your browser/OS and the organization locale.
See also
minTimeUntilExpiration Number

The minimum time in minutes before a saved token is due to expire that should still be considered valid for use.

Default Value:30

Set to true to show the OAuth sign-in page in a popup window. Make certain to have a valid callback page referenced in the popupCallbackUrl. A sample callback page, oauth-callback.html, is provided to help with this. The referenced callback page should be compatible for whatever authentication type is used. The default oauth-callback.html has been updated to allow for these updates in the two-step approach, although it will still work if using the one-step flow.

Default Value:false
See also
popupCallbackUrl String

Applicable if working with the popup user-login workflow. This is a relative page URL that redirects the user back to the secured application after successful login.

The referenced callback page should be compatible for whatever authentication type is used. The default oauth-callback.html has been updated to allow for these updates in the two-step approach, although it will still work if using the one-step flow.

Default Value:"oauth-callback.html"
See also
popupWindowFeatures String

The window features passed to window.open().

Default Value:height=490,width=800,resizable,scrollbars,status
portalUrl String

The ArcGIS Enterprise portal URL.

Default Value:"https://www.arcgis.com"
preserveUrlHash Boolean
Since: ArcGIS API for JavaScript 4.14

Set this property to true when popup is false in order to have the window's location hash value restored after signing in.

Default Value:false
See also
userId String
Since: ArcGIS API for JavaScript 4.18

The user id used when forceUserId is true. This is updated after a user signs in, or it can be preset to a specific id.

See also

Method Overview

Show inherited methods Hide inherited methods
Name Return Type Summary Class

Adds one or more handles which are to be tied to the lifecycle of the object.

more details
Accessor
OAuthInfo

Creates a copy of the OAuthInfo object.

more details
OAuthInfo
*

Creates a new instance of this class and initializes it with values from a JSON object generated from an ArcGIS product.

more details
OAuthInfo
Boolean

Returns true if a named group of handles exist.

more details
Accessor

Removes a group of handles owned by the object.

more details
Accessor
Object

Converts an instance of this class to its ArcGIS portal JSON representation.

more details
OAuthInfo

Method Details

addHandles(handleOrHandles, groupKey)inherited
Since: ArcGIS API for JavaScript 4.25

Adds one or more handles which are to be tied to the lifecycle of the object. The handles will be removed when the object is destroyed.

// Manually manage handles
const handle = reactiveUtils.when(
  () => !view.updating,
  () => {
    wkidSelect.disabled = false;
  },
  { once: true }
);

// Handle gets removed when the object is destroyed.
this.addHandles(handle);
Parameters
handleOrHandles WatchHandle|WatchHandle[]

Handles marked for removal once the object is destroyed.

groupKey *
optional

Key identifying the group to which the handles should be added. All the handles in the group can later be removed with Accessor.removeHandles(). If no key is provided the handles are added to a default group.

clone(){OAuthInfo}
Since: ArcGIS API for JavaScript 4.4

Creates a copy of the OAuthInfo object.

Returns
Type Description
OAuthInfo Returns a copy of the OAuthInfo.
fromJSON(json){*}static

Creates a new instance of this class and initializes it with values from a JSON object generated from an ArcGIS product. The object passed into the input json parameter often comes from a response to a query operation in the REST API or a toJSON() method from another ArcGIS product. See the Using fromJSON() topic in the Guide for details and examples of when and how to use this function.

Parameter
json Object

A JSON representation of the instance in the ArcGIS format. See the ArcGIS REST API documentation for examples of the structure of various input JSON objects.

Returns
Type Description
* Returns a new instance of this class.
hasHandles(groupKey){Boolean}inherited
Since: ArcGIS API for JavaScript 4.25

Returns true if a named group of handles exist.

Parameter
groupKey *
optional

A group key.

Returns
Type Description
Boolean Returns true if a named group of handles exist.
Example
// Remove a named group of handles if they exist.
if (obj.hasHandles("watch-view-updates")) {
  obj.removeHandles("watch-view-updates");
}
removeHandles(groupKey)inherited
Since: ArcGIS API for JavaScript 4.25

Removes a group of handles owned by the object.

Parameter
groupKey *
optional

A group key or an array or collection of group keys to remove.

Example
obj.removeHandles(); // removes handles from default group

obj.removeHandles("handle-group");
obj.removeHandles("other-handle-group");
toJSON(){Object}

Converts an instance of this class to its ArcGIS portal JSON representation. See the Using fromJSON() guide topic for more information.

Returns
Type Description
Object The ArcGIS portal JSON representation of an instance of this class.

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.