Skip To Content ArcGIS for Developers Sign In Dashboard


You will learn: how to build an app that uses named user login credentials to access secure services.

The ArcGIS platform supports several security methodologies that you can implement to access ArcGIS premium services and secure content. To implement OAuth 2.0, you can use your ArcGIS account to register an application and get a client ID, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as the "named user login" authentication pattern. If the app uses premium services that consume credits, the user's account will be charged, not your account. Alternatively, you can use your own account to set up service proxies that allow your applications to access premium services without asking the user to authenticate themselves. In this case, your account is providing authentication and will be charged credits if credit-consuming services are used. This is known as the "app login" authentication pattern. To learn more about service proxies, see the Set up authenticated services tutorial.

In this tutorial you will implement OAuth 2.0 to redirect users to sign in to ArcGIS so they can access the ArcGIS Traffic Layer service.

Before you begin

Make sure you have installed the latest version of Android Studio.

Reuse the starter project

If you have completed the Create a starter app tutorial, then copy the project into a new empty folder. Otherwise, download and unzip the project solution. Open, run, and verify the map displays in the device simulator.


Configure OAuth 2.0 for your app

  1. Register your app to generate a client ID and set a redirect URL to access the secure service:

    1. Sign in to your ArcGIS account. If you don't already have one, sign-up for free.
    2. At the top right of the main menu, click > New Application to create a new application.
    3. Fill in new application details then select Register New Application. Take note of the Client ID value that is automatically assigned to your app.
    4. On the Authentication tab use the Redirect URIs section to add my-app://auth. Take note of this redirect URL as you will need it later. Also note this URL is composed of two parts: a scheme (my-app), followed by a path (auth), separated with ://.

Set the app settings

  1. Create an app_settings.xml resource file to hold your client ID and custom redirect URL:

    1. In the Project view, right-click app and choose New > Android resource file.
    2. Set the File name to app_settings.xml.
    3. In Resource type choose Values.
    4. Leave the other options as default (Source set as main, Directory name as values) and click OK.
    5. In the new values file you created, add the following string elements:
    <?xml version="1.0" encoding="utf-8"?>
      <!-- *** ADD *** -->
      <string name="redirect_url">my-app://auth</string>
      <string name="client_id">YOUR_CLIENT_ID</string>
      <string name="traffic_service"></string>
    • Replace the client_id and redirect_url values with the values shown on the authentication tab of your application definition.

Set the default OAuth Intent Receiver

  1. Update the android manifest to indicate the Activity and intent filter to use that will handle the redirect URL. The Android manifest file is located in the Project view under app > manifests > AndroidManifest.xml. Add the following <activity> tag, taking note of the scheme usage of your redirect URL:

    <activity android:name=".MainActivity">
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
    <!-- *** ADD *** -->
            <action android:name="android.intent.action.VIEW"/>
            <category android:name="android.intent.category.DEFAULT"/>
            <category android:name="android.intent.category.BROWSABLE"/>
            <data android:scheme="my-app"/>

Make sure the scheme matches exactly to the value entered in Redirect URIs of your application definition.

The next part of the project is to write the code to configure a DefaultAuthenticationChallengeHandler for OAuth 2.0.

Integrate OAuth 2.0 into your app

  1. The DefaultAuthenticationChallengeHandler handles all security types, including OAuth 2.0 if you add an OAuthConfiguration to the AuthenticationManager. In the file app > java > {} >, create a new member function named setupOAuthManager() to setup the authentication manager. This code creates a configuration with the parameters you assigned to your app in app_settings.xml and then assigns that configuration to the AuthenticationManager.

    private void setupOAuthManager() {
        String clientId = getResources().getString(R.string.client_id);
        String redirectUrl = getResources().getString(R.string.redirect_url);
        try {
            OAuthConfiguration oAuthConfiguration = new OAuthConfiguration("", clientId, redirectUrl);
            DefaultAuthenticationChallengeHandler authenticationChallengeHandler = new DefaultAuthenticationChallengeHandler(this);
        } catch (MalformedURLException e) {

Add private layer to your map's operational layers

  1. Find the setupMap() method. Create the traffic service layer and add it to the maps operational layers:

            // *** ADD ***
            ArcGISMapImageLayer traffic = new ArcGISMapImageLayer(getResources().getString(R.string.traffic_service));
  2. Configuring the AuthenticationManager must be done before the map will reference it. Find the onCreate() method and before the call to setupMap() insert a call to setupOAuthManager():

        mMapView = findViewById(;
        // *** ADD ***
  3. Press Control-R to run the app in the simulator.

Congratulations, you're done!

Your app should open on your device then show a dialog from ArcGIS Online asking for OAuth 2.0 login. Once successfully logged in the map displays with the traffic layer added. Compare your solution with our completed solution project.


Explore basemaps

Try different basemaps available with BasemapType. Now that you are able to authenticate users, you could also define private basemaps on your ArcGIS Online account and load those in your apps.

Discover layers

Discover other layers you can use in your app. Explore ArcGIS Open Data and Los Angeles GeoHub for data you can use in your apps.