Learn how to implement user authentication to access a secure ArcGIS service with OAuth credentials.
You can use different types of authentication to access secured ArcGIS services. To implement OAuth credentials for user authentication, you can use your ArcGIS account to register an app with your portal and get a Client ID, and then configure your app to redirect users to login with their credentials when the service or content is accessed. This is known as user authentication. If the app uses premium ArcGIS Online services that consume credits, for example, the app user's account will be charged.
In this tutorial, you will build an app that implements user authentication using OAuth credentials so users can sign in and be authenticated through ArcGIS Online to access the ArcGIS World Traffic service.
Prerequisites
Before starting this tutorial:
-
You need an ArcGIS Location Platform or ArcGIS Online account.
-
Your system meets the system requirements.
Set up authentication
To access the secure ArcGIS location services used in this tutorial, you must implement user authentication using an ArcGIS Location Platform or an ArcGIS Online account.
Create a new OAuth credential to access the secured resources used in this tutorial.
-
Complete the Create OAuth credentials for user authentication tutorial.
-
Copy and paste the ClientID and RedirectURL into a safe location. They will be used in a later step.
All users that access this application need account privileges to access the basemap styles service.
The Client ID
uniquely identifies your app on the authenticating server. If the server cannot find an app with the provided Client ID, it will not proceed with authentication.
The Redirect URL
(also referred to as a callback url) is used to identify a response from the authenticating server when the system returns control back to your app after an OAuth login. Since it does not necessarily represent a valid endpoint that a user could navigate to, the redirect URL can use a custom scheme, such as my-app
. You can configure several redirect URLs in your application definition and can remove or edit them. It's important to make sure the redirect URL used in your app's code matches a redirect URL configured for the application.
Develop or Download
You have two options for completing this tutorial:
Option 1: Develop the code
Create a new app
To get started, use Xcode to create an iOS app and configure it to reference the API.
-
Open Xcode. In the menu bar, click File > New > Project.
- In the Choose a template for your new project: window, set the following properties:
- Multiplatform iOS
- Application App
- Click Next.
- In the Choose options for your new project: window, set the following properties:
- Product Name:
<your app name
> - Organization Identifier:
<your organization
> - Interface: SwiftUI
- Language: Swift
- Product Name:
- Uncheck all other options.
- Click Next.
- Choose a location to store your project. Click Create.
- In the Choose a template for your new project: window, set the following properties:
-
In the Project Navigator, click
<your app name
. In the Editor, right click on the struct name,>App <your app name
. Select Refactor > Rename... to rename the struct to>App Main
. Click the Rename button in the top right to confirm the new name. This will rename the struct and file in all affected areas.App -
Add a reference to the API using Swift Package Manager.
-
In the MainApp.swift file, some errors may appear after importing ArcGIS. Resolve the errors by distinguishing the
Scene protocol
fromScene
. To do so, add theSwift
prefix toUI Scene
.MainApp.swiftUse dark colors for code blocks var body: some SwiftUI.Scene { WindowGroup { ContentView() } }
Add a protected layer to map
Add the World Traffic layer to the map.
-
In the Project Navigator, click ContentView.swift.
-
In the Editor, add an
import
statement to reference the API.ContentView.swiftUse dark colors for code blocks 16 17 18 19Add line. import SwiftUI import ArcGIS
-
Add a
Map
with the@
property wrapper with a default value. Create aState Map
with anarc
basemap style and an inital viewpoint and return it.GIS Topographic ContentView.swiftUse dark colors for code blocks 22 23Add line. Add line. Add line. Add line. Add line. Add line. struct ContentView: View { @State private var map = { let map = Map(basemapStyle: .arcGISTopographic) map.initialViewpoint = Viewpoint(latitude: 34.02700, longitude: -118.80500, scale: 72_000) return map }()
-
Add a secured traffic layer to the map's operational layers collection.
The World Traffic layer is a premium service on ArcGIS Online that requires secure authentication to access.
ContentView.swiftUse dark colors for code blocks 24 25 26 27 28 29 30 31 32 33Add line. Add line. Add line. @State private var map = { let map = Map(basemapStyle: .arcGISTopographic) map.initialViewpoint = Viewpoint(latitude: 34.02700, longitude: -118.80500, scale: 72_000) let trafficLayerURL = URL(string: "http://www.arcgis.com/home/item.html?id=ff11eb5b930b4fabba15c47feb130de4")! let trafficLayer = ArcGISMapImageLayer(url: trafficLayerURL) map.addOperationalLayer(trafficLayer) return map }()
-
Replace the default code in the
body
to display the map. Create aMapView
using the previously created map.ContentView.swiftUse dark colors for code blocks 35 36 37 38 39Change line var body: some View { MapView(map: map) }
-
Open the MainApp.swift file. Add the
.ignore
modifier to theSafe Area Content
. This modifier ensures that the map view is displayed beyond the safe area to all edges.View MainApp.swiftUse dark colors for code blocks 49 50 51 52 53 54 55 56 57Add line. var body: some SwiftUI.Scene { WindowGroup { ContentView() .ignoresSafeArea() } }
Integrate OAuth credentials into your app
Use the ArcGIS Maps SDK for Swift Toolkit component to create an Authenticator object that handles authentication every time a secured ArcGIS resource is accessed.
-
The Toolkit is required to access the Authenticator component. Follow the installation instructions to add Toolkit to the MainApp.swift file.
MainApp.swiftUse dark colors for code blocks 16 17 18 19Add line. import SwiftUI import ArcGIS import ArcGISToolkit
-
Create an
Authenticator
object with the Observed Object property wrapper.MainApp.swiftUse dark colors for code blocks 23 24 25 26 27 28 29 30 31Add line. Add line. Add line. Add line. Add line. Add line. struct MainApp: App { // Setup an `Authenticator` with OAuth configuration. @ObservedObject var authenticator = Authenticator( oAuthUserConfigurations: [ ] )
-
Initialize the
Authenticator
with anOAuthConfiguration
object. Use your ClientID and RedirectURL credentials that you created in the Set up authentication step.- Portal is the URL of the portal to authenticate with. For the purpose of this tutorial, the URL is
https
.://www.arcgis.com - ClientID unique identifier associated with an application registered with the portal that assists with client/server OAuth authentication.
- RedirectURL is the URL that the OAuth login page will redirect to when authentication completes.
MainApp.swiftUse dark colors for code blocks 25 26 27 28 29 30 31 32 33 34 35 36 37Add line. Add line. Add line. Add line. Add line. Add line. // Setup an `Authenticator` with OAuth configuration. @ObservedObject var authenticator = Authenticator( oAuthUserConfigurations: [ OAuthUserConfiguration( // Enter OAuth credentials for user authentication. portalURL: URL(string: "https://www.arcgis.com")!, clientID: "<#YOUR-CLIENT-ID#>", redirectURL: URL(string: "<#YOUR-REDIRECT-URL#>")! ) ] )
- Portal is the URL of the portal to authenticate with. For the purpose of this tutorial, the URL is
-
Create an initializer function and assign the authenticator to the
ArcGISAuthenticationChallengeHandler
. This points the challenge to the authenticator which will handle the request.MainApp.swiftUse dark colors for code blocks 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42Add line. Add line. Add line. struct MainApp: App { // Setup an `Authenticator` with OAuth configuration. @ObservedObject var authenticator = Authenticator( oAuthUserConfigurations: [ OAuthUserConfiguration( // Enter OAuth credentials for user authentication. portalURL: URL(string: "https://www.arcgis.com")!, clientID: "<#YOUR-CLIENT-ID#>", redirectURL: URL(string: "<#YOUR-REDIRECT-URL#>")! ) ] ) init() { ArcGISEnvironment.authenticationManager.arcGISAuthenticationChallengeHandler = authenticator }
-
Lastly, display the OAuth interface. Add the authenticator view modifier, passing in the authenticator object.
MainApp.swiftUse dark colors for code blocks 49 50 51 52 53 54 55 56 57 58 59Add line. var body: some SwiftUI.Scene { WindowGroup { ContentView() .authenticator(authenticator) .ignoresSafeArea() } }
-
Press Command+R to run the app.
Upon app launch, you will be prompted to log in with your ArcGIS Location Platform or ArcGIS Online credentials. Once you authenticate successfully, the basemap and traffic layer will appear in the map.
Manage data persistence
In real-world applications, you can create and persist a credential store in the keychain so that the user does not have to sign in again when the app is re-launched.
-
Create an asynchronous function called
setup
that sets up new credential stores that will be persisted to the keychain. Use thePersistent Credential Storage authenticationManager.setupPersistentCredentialStorage
method to create the credential store and set the keychain access towhen
. This will allow the item to be accessible only when device is unlocked.Unlocked MainApp.swiftUse dark colors for code blocks 39 40 41 42 43 44 45 46 47Add line. Add line. Add line. Add line. Add line. init() { ArcGISEnvironment.authenticationManager.arcGISAuthenticationChallengeHandler = authenticator } private func setupPersistentCredentialStorage() async { Task { try await ArcGISEnvironment.authenticationManager.setupPersistentCredentialStorage(access: .whenUnlocked) } }
-
Set up the credential stores upon app launch. Add a
task
function toContent
. In the closure, call theView setup
function.Persistent Credential Storage MainApp.swiftUse dark colors for code blocks 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63Add line. Add line. Add line. var body: some SwiftUI.Scene { WindowGroup { ContentView() .authenticator(authenticator) .ignoresSafeArea() .task { await setupPersistentCredentialStorage() } } }
-
Press Command + R to run the app.
If you are using the Xcode simulator your system must meet these minimum requirements: macOS 14 (Sonoma), Xcode 16, iOS 18. If you are using a physical device, then refer to the system requirements.
Upon app launch, you will not be prompted to log in again.
Alternatively, you can download the tutorial solution, as follows.
Option 2: Download the solution
-
Click the
Download solution
link under Solution and unzip the file to a location on your machine. -
Open the
.xcodeproj
file in Xcode.
Since the downloaded solution does not contain authentication credentials, you must add the developer credentials that you created in the Set up authentication section.
Set developer credentials in the solution
-
In the Project Navigator, click MainApp.swift.
-
Enter your
client
andID redirect
values that you created earlier.URL MainApp.swiftUse dark colors for code blocks 25 26 27 28 29 30 31 32 33 34 35 36 37Change line Change line Change line Change line Change line Change line // Setup an `Authenticator` with OAuth configuration. @ObservedObject var authenticator = Authenticator( oAuthUserConfigurations: [ OAuthUserConfiguration( // Enter OAuth credentials for user authentication. portalURL: URL(string: "https://www.arcgis.com")!, clientID: "<#YOUR-CLIENT-ID#>", redirectURL: URL(string: "<#YOUR-REDIRECT-URL#>")! ) ] )
Best Practice: The OAuth credentials are stored directly in the code as a convenience for this tutorial. Do not store credentials directly in source code in a production environment.
Run the solution
Press Command + R to run the app.
If you are using the Xcode simulator your system must meet these minimum requirements: macOS 14 (Sonoma), Xcode 16, iOS 18. If you are using a physical device, then refer to the system requirements.
Upon app launch, you will be prompted to log in with your ArcGIS Location Platform or ArcGIS Online credentials. Once you authenticate successfully, the basemap and traffic layer will appear in the map.
What's next?
Learn how to use additional API features, ArcGIS location services, and ArcGIS tools in these tutorials: