A store for instances of the subclasses of NetworkCredential. More...
| Header | #include <Authentication/ |
| Since | Esri |
| Inherits | Esri |
Public Functions
| virtual | ~ |
| QSet | credentials |
| QFuture | remove |
Static Public Members
(since Esri QFuture | make |
Detailed Description
The NetworkCredentialStore is used to store instances of the subclasses of NetworkCredential. Network credentials are required when services have PKI, IWA or other types of security requirements. Another case is Server Trust, when a server's certificate is not trusted by the system, the user can provide a ServerTrust credential to trust this.
Member Function Documentation
[override virtual noexcept] NetworkCredentialStore::~NetworkCredentialStore ()
Destructor.
QSet<Esri::ArcGISRuntime::Authentication::NetworkCredential *> NetworkCredentialStore::credentialsForHost (const QString &host) const
Returns the set of credentials for the given host.
[static, since Esri::ArcGISRuntime 300.0] QFuture<Esri::ArcGISRuntime::Authentication::NetworkCredentialStore *> NetworkCredentialStore::makePersistent (QObject *parent = nullptr)
Creates a persistent NetworkCredentialStore.
Credential persistence allows credentials to be securely stored on the device to be reused in subsequent sessions after restarting the app. Any changes made to the store will be reflected automatically to the persisted store, for example adding or removing credentials.
Once created, you must set the persistent store on the AuthenticationManager.
Upon creation any credentials saved from previous sessions will be loaded into the store and are available for use immediately.
NetworkCredentialStore::makePersistent(this).then(this, [](NetworkCredentialStore* persistentStore) { ArcGISRuntimeEnvironment::authenticationManager()->setNetworkCredentialStore(persistentStore); }).onFailed(this, [](const ErrorException& ex) { qDebug() << "Failed to create persistent credential store:" << ex.error().message(); });
- parent - The optional parent you want to apply to the new NetworkCredentialStore.
Note: CertificateCredential objects restored from the persistent store are validated against their effective and expiry dates. If they are not valid, they will be not restored into memory, and they will be removed from the persistent store as well.
The underlying workflow for credential persistence varies by platform:
| Platform | Persistence Method |
|---|---|
| Android | Credentials are encrypted and persisted to the app sandbox. |
| i | Credentials are stored in the system Keychain. |
| Linux | Credentials are encrypted and stored using the libsecret library, which interacts with the system credential storage via the ' |
| mac | Credentials are stored in the system Keychain. |
| Windows | Credentials are stored in the Windows Credential Manager. |
Note: Credential persistence has no effect on how long the persisted credentials remain valid. When a TokenCredential has expired (for example), the user must re-authenticate to obtain a new one. Expired or invalid credentials are removed from the persistent store upon detection, and an authentication challenge is issued via any challenge handlers that have been set.
Note: The persistent credential store supports only unidirectional synchronization. Changes made directly to the underlying OS storage (e.g., the Keychain) will not be reflected in the in-memory credential store.
On macOS, the app that persists the credentials is the only one that may read them without requiring Keychain authorization. If the app is rebuilt or modified, it may no longer be recognized as the original app that stored the credentials in the Keychain, and Keychain authorization will be required again.
This function was introduced in Esri::ArcGISRuntime 300.0.
QFuture<void> NetworkCredentialStore::removeAllAsync ()
Asynchronously removes all credentials from the store, and returns a future that will be completed when the operation is done.
If you are implementing a robust logout workflow, you may want to consider clearing the HTTP cache using NetworkCacheConfiguration::clearCacheAsync(), which could contain data from authenticated sessions.