Koushik Hajra & Xueming Wu
ArcGIS Runtime: Authenticating Your Apps with the ArcGIS Platform
Agenda
➢ Introduction
o When is Authentication needed
o Authentication Manager
➢ Authenticating a User
o Authentication Challenges
o Authentication Challenge Handler UI OAuth
➢ Caching User Credentials
Introduction
➢ When is authentication needed
o Access a user’s private content
o Create and publish content
o Access premium content on ArcGIS Online
➢ Authentication Modes
o OAuth 2.0
o Token-based
o Public Key Infrastructure (PKI)
o HTTP/Windows Authentication (HTTP basic, HTTP digest or Integrated Windows Authentication (IWA))
Goals for Authentication API
○ Less code
○ Central logic
■ Avoid different failure points
■ Do it once and in one place
o Handle all authentication modes
o Common pattern in Runtime SDKs
Authentication Manager
○ Central place and go-to class for:
■ Set an authentication challenge handler
■ Manage OAuth configurations
■ Manage client/server certificates
■ Manage in-memory credential cache
o Singleton
o Guide Doc
https://developers.arcgis.com/android/latest/guide/access-the-arcgis-platform.htm
https://developers.arcgis.com/ios/latest/swift/guide/access-the-arcgis-platform.htm
https://developers.arcgis.com/net/latest/wpf/guide/access-the-arcgis-platform.htm
https://developers.arcgis.com/qt/latest/qml/guide/access-the-arcgis-platform.htm
https://developers.arcgis.com/java/latest/guide/access-the-arcgis-platform.htm
Authentication Manager
Demo: Authentication Manager
Authenticating A User
Authentication Process
[Diagram: Server or Portal, Authentication Manager, Challenge]
Authentication Challenge
➢ Authentication Challenge
○ Is created due to an inability to authenticate
○ Contains information such as exception, credential, URL and number of trials
○ Is issued to an authentication challenge handler
○ Can be turned on/off through RequestConfiguration
Authentication Challenge
➢ Types of Challenges
○ Username / password
○ OAuth
○ Client Certificate
○ Untrusted Host
➢ Challenge Actions
○ Provide Username / password
○ Provide OAuth token
○ Provide Client Certificate
○ Trust a Host
○ Cancel
➢ Handling Challenge
○ Default handler
○ Custom handler
○ Extend and override
Handling Challenge - Default Handler
○ UX for challenge
○ Credentials (username / password, token, client certificate)
○ Self-signed server certificate
OAuth 2.0
➢ Have you heard about OAuth?
➢ Authentication patterns
o Named User login
Allow ArcGIS Online users to authorize your application on their behalf
ArcGIS Online prompts for credentials
o App login
App uses hard-coded credential to log
Users access content on your behalf
OAuth 2.0 – Named User Login
➢ Two-step process
o Authorization → authorization code
Client ID
Redirect URI
Refresh token expiration (optional)
o Exchange code for tokens (access & refresh)
➢ Access token & refresh token
○ Refresh access token
Short lived access token (30 minutes)
Refresh using refresh token
○ Exchange refresh token
Refresh token: 2 weeks ~ 90 days
Exchange refresh token every 24 hours by default
OAuth 2.0 – Named User Login
➢ Working with default handler
○ Create OAuthConfiguration
Client ID
Redirect URI
Refresh token expiration (optional)
○ Add to AuthenticationManager
➢ Support social login
Demo: OAuth
Handling Challenge - Custom Handler
➢ Platform specific workflow
➢ Android / Java SDKs
○ Implement AuthenticationChallengeHandler
○ Override handleChallenge()
○ Set AuthenticationChallengeHandler on AuthenticationManager
○ Implement UI
Demo: Custom Handler
Caching User Credentials
Credential Cache
o In memory cache
Enabled by default
o Global
Reusable by objects in the same domain
o Persist credentials:
Between user sessions
Between apps
Between devices
Credential Cache
➢ Persist credentials
o Android & Java SDKs
Persist Credential Cache to JSON string
Developer is responsible for encrypting the JSON string
o iOS SDK – Sync Credential Cache to Keychain
o Qt SDK – persist credential to JSON string
➢ Remove & revoke credentials
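The Android and Java SDKs leave encryption of the persisted credential cache JSON to the developer. The following is an added example, not code from the presentation or from Esri, showing one way to do it with AES-256-GCM from the standard javax.crypto API; the class name CredentialCacheSealer, its seal/open helpers and the sample JSON are hypothetical, and a real app is assumed to hold the key in the platform keystore.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

public class CredentialCacheSealer {
    static final int IV_BYTES = 12, TAG_BITS = 128; // GCM nonce size and tag length
    // Encrypts the cache JSON; the result is Base64(iv || ciphertext || tag).
    static String seal(String cacheJson, SecretKey key) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv); // fresh nonce per save; never reuse one with the same key
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(cacheJson.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    // Decrypts a sealed blob; throws AEADBadTagException if it was altered or the key is wrong.
    static String open(String sealed, SecretKey key) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(sealed);
        if (in.length < IV_BYTES + TAG_BITS / 8) throw new GeneralSecurityException("sealed blob too short");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_BYTES));
        return new String(cipher.doFinal(in, IV_BYTES, in.length - IV_BYTES), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Demo key only: in an app, keep the key in the platform keystore, not beside the data.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        // Constructed placeholder standing in for the exported credential cache JSON.
        String cacheJson = "{\"credentials\":[{\"user\":\"demo\",\"token\":\"PLACEHOLDER\"}]}";
        String sealed = seal(cacheJson, key);
        System.out.println("round trip ok: " + open(sealed, key).equals(cacheJson));
        // Flip one bit to show that tampering is detected rather than silently accepted.
        byte[] raw = Base64.getDecoder().decode(sealed);
        raw[raw.length - 1] ^= 0x01;
        try {
            open(Base64.getEncoder().encodeToString(raw), key);
        } catch (javax.crypto.AEADBadTagException e) {
            System.out.println("tampered blob rejected");
        }
    }
}
```

Treat a decryption failure as an empty cache and send the user through sign-in again rather than restoring partial data.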
Demo: Credential Cache
Offline content security
➢ Unsecured Mobile Map Package (MMPK)
➢ Unsecured extracted geodatabase on disk
Summary
➢ Introduction
o When is Authentication needed
o Authentication Manager
➢ Authenticating a User
o Authentication Challenges
o Authentication Challenge Handler UI OAuth
➢ Caching User Credentials
Thank you!
GeoNet:
https://community.esri.com/community/developers/native-app-developers