A store for instances of the subclasses of ArcGISCredential. More...
| Header | #include <Authentication/ |
| Since | Esri |
| Inherits | Esri |
Public Functions
| ArcGIS | |
| virtual | ~ |
| void | add( |
| void | add( |
| Esri | credential(const QUrl &url) const |
| QList | credentials() const |
| bool | remove( |
| void | remove |
| QList | remove |
Static Public Members
(since Esri QFuture | make |
Detailed Description
The credential provided while handling an authentication challenge is placed in the ArcGIS credential store of the ArcGISRuntimeEnvironment::arcGISAuthenticationManager and used by all subsequent requests that have a matching server context.
See also OAuthUserCredential, OAuthApplicationCredential, PregeneratedTokenCredential, TokenCredential, and ArcGISAuthenticationChallengeHandler.
Member Function Documentation
[explicit] ArcGISCredentialStore::ArcGISCredentialStore (QObject *parent = nullptr)
Creates an instance of an ArcGISCredentialStore.
- parent - The optional parent QObject.
[override virtual noexcept] ArcGISCredentialStore::~ArcGISCredentialStore ()
Destructor.
void ArcGISCredentialStore::add(Esri::ArcGISRuntime::Authentication::ArcGISCredential *arcGISCredential )
Adds the specified credential to the ArcGISCredentialStore. The credential's server context is used to determine what services the credential can be shared with.
- arcGISCredential - The credential to be stored within ArcGISCredentialStore.
If a credential for the same server context is already in the store, then it will be replaced.
See also ArcGISCredential::serverContext and add(Esri::ArcGISRuntime::Authentication::ArcGISCredential*, const QUrl&).
void ArcGISCredentialStore::add(Esri::ArcGISRuntime::Authentication::ArcGISCredential *arcGISCredential , const QUrl &url)
Adds a specified credential to the store for a given URL. The URL must be shareable with the server context of the credential. Otherwise, this method throws an ErrorType::AuthenticationCredentialCannotBeShared. When the credential is added to the store with this function, for the credential to be shared with a secured service endpoint, the service endpoint must begin with the specified URL passed to this function call. For example, if you were to specify a store URL of https://www.server.net/arcgis/rest/services/service1/ when calling this function, then the specified credential would be shared with an endpoint such as https://www.server.net/arcgis/rest/services/service1/query, but not for https://www.server.net/arcgis/rest/services/service2/query.
- arcGISCredential - The credential to be stored within ArcGISCredentialStore.
- url - The URL to associate the credential with.
If a credential was already stored for the same URL then it will be replaced.
See also add(ArcGISCredential*).
Esri::ArcGISRuntime::Authentication::ArcGISCredential *ArcGISCredentialStore::credential(const QUrl &url) const
Returns the best matched credential in the ArcGISCredentialStore for the given URL.
Returns nullptr if there is no matched credential found for the provided URL.
- url - The URL of an ArcGIS secured resource.
QList<Esri::ArcGISRuntime::Authentication::ArcGISCredential *> ArcGISCredentialStore::credentials() const
Returns an array of unique credentials contained in the ArcGISCredentialStore.
During a logout workflow, users should call this method before calling removeAll, filter all instances of OAuthUserCredential and invalidate them by calling OAuthUserCredential::revokeTokenAsync.
[static, since Esri::ArcGISRuntime 300.0] QFuture<Esri::ArcGISRuntime::Authentication::ArcGISCredentialStore *> ArcGISCredentialStore::makePersistent (QObject *parent = nullptr)
Creates a persistent ArcGISCredentialStore.
Credential persistence allows credentials to be securely stored on the device to be reused in subsequent sessions after restarting the app. Any changes made to the store will be reflected automatically to the persisted store, for example adding or removing credentials.
Once created, you must set the persistent store on the AuthenticationManager.
Upon creation any credentials saved from previous sessions will be loaded into the store and are available for use immediately.
ArcGISCredentialStore::makePersistent(this).then(this, [](ArcGISCredentialStore* persistentStore) { ArcGISRuntimeEnvironment::authenticationManager()->setArcGISCredentialStore(persistentStore); }).onFailed(this, [](const ErrorException& ex) { qDebug() << "Failed to create persistent credential store:" << ex.error().message(); });
- parent - The optional parent you want to apply to the new ArcGISCredentialStore.
The underlying workflow for credential persistence varies by platform:
| Platform | Persistence Method |
|---|---|
| Android | Credentials are encrypted and persisted to the app sandbox. |
| i | Credentials are stored in the system Keychain. |
| Linux | Credentials are encrypted and stored using the libsecret library, which interacts with the system credential storage via the ' |
| mac | Credentials are stored in the system Keychain. |
| Windows | Credentials are stored in the Windows Credential Manager. |
Note: Credential persistence has no effect on how long the persisted credentials remain valid. When a TokenCredential has expired (for example), the user must re-authenticate to obtain a new one. Expired or invalid credentials are removed from the persistent store upon detection, and an authentication challenge is issued via any challenge handlers that have been set.
Note: The persistent credential store supports only unidirectional synchronization. Changes made directly to the underlying OS storage (e.g., the Keychain) will not be reflected in the in-memory credential store.
On macOS, the app that persists the credentials is the only one that may read them without requiring Keychain authorization. If the app is rebuilt or modified, it may no longer be recognized as the original app that stored the credentials in the Keychain, and Keychain authorization will be required again.
This function was introduced in Esri::ArcGISRuntime 300.0.
bool ArcGISCredentialStore::remove(Esri::ArcGISRuntime::Authentication::ArcGISCredential *arcGISCredential )
Removes the credential from ArcGISCredentialStore if present. Returns true if the credential was found and removed from the store, otherwise false.
- arcGISCredential - The credential to be removed from ArcGISCredentialStore.
void ArcGISCredentialStore::removeAll ()
Removes all credentials from the ArcGISCredentialStore.
During a logout workflow, before calling this function, users should call credentials, filter all instances of OAuthUserCredential, and invalidate them using OAuthUserCredential::revokeTokenAsync. In addition, to implement a robust logout workflow, you may want to consider clearing the HTTP cache using NetworkCacheConfiguration::clearCacheAsync(), which could contain data from authenticated sessions.
QList<Esri::ArcGISRuntime::Authentication::ArcGISCredential *> ArcGISCredentialStore::removeCredentials (const QUrl &url)
Removes any credentials from the ArcGISCredentialStore that would be shared with a service endpoint represented by the provided URL. Returns an array of credentials that were removed.
- url - The URL to search for and remove credentials from the store.