Oauth 2.0

ArcGIS supports secure authentication using OAuth2.0 protocols. To authenticate using OAuth 2.0, you need to create and implement or in your application. You can use these authentication workflows to access secure and hosted in a .

To authenticate requests using OAuth 2.0, you need to have one of the following accounts:

The easiest way to implement an OAuth 2.0 workflow is to integrate the request module from ArcGIS REST JS, which streamlines the authentication process.

How to use OAuth credentials

The recommended way to implement OAuth 2.0 is to use the ArcGISIdentityManager module from .

Below are the typical steps for implementing browser-based OAuth 2.0.

  1. Sign in to your .
  2. Create or use an existing OAuth 2.0 application.
  3. Get the client ID and redirect URI from your application.
  4. Set the client ID (in your application).
  5. Create a callback page defined in the redirect URI that will complete the authentication process.
  6. Set the generated token where authentication is a required parameter.

To learn about other types of OAuth 2.0 authentication methods, go to Implement user authentication (server) tutorial.

User authentication

User authentication is a set of authentication workflows that allow users with an to sign into an application and access ArcGIS , , and resources. The typical authentication protocol used is OAuth 2.0. When a user signs into an application with their ArcGIS account, an is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account. This authentication type was previously known as Named user login and ArcGIS identity.

If your application will access your users' secure content in ArcGIS or if you plan to distribute your application through ArcGIS Marketplace, you must use .

App authentication

App authentication, formerly known as app credential authentication, is a type of authentication that grants a short-lived to applications based on a set of . The resources and functionality available depend on the user type, roles, and of your .

Examples

User authentication with ArcGIS REST JS

This example uses the ArcGISIdentityManager module from ArcGIS REST JS.

1
2
3
4
5
6
7
8
9
10
11
12
13
import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";

// register your own app to create a unique clientId
const clientId = "YOUR_CLIENT_ID"

// send the user to the authorization page
ArcGISIdentityManager.beginOAuth2({
  yourClientId,
  redirectUri: 'https://yourapp.com/authenticate.html'
})
  .then(authenticationManager => {
    console.log(authenticationManager)
  });
1
2
3
4
5
6
7
8
9
10
11
12
13
import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";

const clientId = "YOUR_CLIENT_ID"

/**
 * after the user authorizes the application they will be redirected to
 * the page defined in redirectUrl which will need to complete the
 * authentication process.
 **/
ArcGISIdentityManager.completeOAuth2({
  yourClientId,
  redirectUri: 'https://yourapp.com/authenticate.html'
});

User authentication without ArcGIS REST JS

This example shows how to configure an OAuth 2.0 workflow without the helper methods from ArcGIS REST JS.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

  const yourClientID = "YOUR_CLIENT_ID";
  let accessToken;
  const callbacks = [];
  const protocol = window.location.protocol;
  const callbackPage = protocol + "./oauth-callback.html";

  function oauth(callback) {
        if (accessToken) {
          callback(accessToken);
        } else {
          callbacks.push(callback);
          window.open(
            "https://www.arcgis.com/sharing/oauth2/authorize?client_id=" +
              yourClientID +
              "&response_type=token&expiration=20160&redirect_uri=" +
              window.encodeURIComponent(callbackPage),
            "oauth",
            "height=400,width=600,menubar=no,location=yes,resizable=yes,scrollbars=yes,status=yes"
          );
        }
      }
1
2
3
4
5
6
7
8
9
10
/* Once the user is authorized, the access token must be retrieved.*/
let match;
  if (window.location.hash && (match = window.location.hash.match(/#access_token=([^&]+)/))) {
    if (window.opener && window.opener.parent) {
      window.opener.parent.oauthCallback(match[1]);
    } else {
      window.parent.oauthCallback(match[1]);
    }
    window.close();
  }

Tutorials

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.

You can no longer sign into this site. Go to your ArcGIS portal or the ArcGIS Location Platform dashboard to perform management tasks.

Your ArcGIS portal

Create, manage, and access API keys and OAuth 2.0 developer credentials, hosted layers, and data services.

Your ArcGIS Location Platform dashboard

Manage billing, monitor service usage, and access additional resources.

Learn more about these changes in the What's new in Esri Developers June 2024 blog post.

Close