AuthenticationManager

Manages requests for ArcGIS secure resources made by an application. The authentication manager allows you to manage user credentials for accessing secured ArcGIS Online and ArcGIS Enterprise resources. You can obtain the AuthenticationManager from the com.arcgismaps.ArcGISEnvironment.authenticationManager static property. The authentication manager provides a central place for you to configure authentication challenge handlers and credential stores:

• ArcGIS and network challenge handlers allow you to respond to authentication challenges. For example, you can write code in an authentication challenge handler to prompt the user for credential information, create a credential, and use it to continue with the challenge.

• Credential stores are available for storing ArcGIS and network credentials that are automatically checked when your application attempts to connect to secured resources. These stores can also be persisted so that the user does not have to sign in again when the application is re-launched.

If your application attempts to access a secure resource, and there is no matching credential in the credential store, the app raises an authentication challenge. If the ArcGIS secured resource requires OAuth or ArcGIS Token authentication, an ArcGIS authentication challenge is raised. If the ArcGIS secured resource requires network credentials, such as Integrated Windows Authentication (IWA) or Public Key Infrastructure (PKI), network authentication challenge is raised.

To allow your app users to respond to the authentication challenge:

• Create an authentication challenge handler and pass it to the AuthenticationManager.

• Customize the challenge handler to prompt the user for a username and password and use those values to create the appropriate type of ArcGISCredential.

• Confirm that the credential permits access to the secure resource.

A successful credential, created while handling an authentication challenge, is automatically placed in the credential store of the AuthenticationManager. This store exists for the lifetime of the application and its credentials can be used when subsequent requests are made.

If you want to avoid prompting users for credentials between application sessions, you can persist the credential store. Ensure that the credentials are secured using an appropriate mechanism for your platform so they are not available to other apps or processes.

During user sign-out you should clear all credentials from the credential store to prevent users accessing resources for which they do not have permission.

See the ArcGIS for Developers website for an overview of Security and authentication.