ArcGIS Runtime: Authenticating Your Apps with the ArcGIS ... · When is authentication needed o...

Koushik Hajra & Xueming Wu ArcGIS Runtime: Authenticating Your Apps with the ArcGIS Platform


Page 1: ArcGIS Runtime: Authenticating Your Apps with the ArcGIS ... · When is authentication needed o Access a user’s private content o Create and publish content o Access premium content

Koushik Hajra & Xueming Wu

ArcGIS Runtime: Authenticating Your Apps with the ArcGIS Platform

Page 2:

Agenda

➢ Introduction

o When is Authentication needed

o Authentication Manager

➢ Authenticating a User

o Authentication Challenges

o Authentication Challenge Handler UI OAuth

➢ Caching User Credentials

Page 3:

Introduction

Page 4:

Introduction

➢ When is authentication needed

o Access a user’s private content

o Create and publish content

o Access premium content on ArcGIS Online

➢ Authentication Modes

o OAuth 2.0

o Token-based

o Public Key Infrastructure (PKI)

o HTTP/Windows Authentication (HTTP basic, HTTP digest or Integrated Windows Authentication (IWA))

Page 5:

Goals for Authentication API

○ Less code

○ Central logic

■ Avoid different failure points

■ Do it once and in one place

o Handle all authentication modes

o Common pattern in Runtime SDKs

Page 6:

Authentication Manager

○ Central place and go-to class to:

■ Set an authentication challenge handler

■ Manage OAuth configurations

■ Manage client/server certificates

■ Manage in-memory credential cache

o Singleton

o Guide Doc https://developers.arcgis.com/android/latest/guide/access-the-arcgis-platform.htm

https://developers.arcgis.com/ios/latest/swift/guide/access-the-arcgis-platform.htm

https://developers.arcgis.com/net/latest/wpf/guide/access-the-arcgis-platform.htm

https://developers.arcgis.com/qt/latest/qml/guide/access-the-arcgis-platform.htm

https://developers.arcgis.com/java/latest/guide/access-the-arcgis-platform.htm

Page 7:

Authentication Manager

Page 8:

Demo: Authentication Manager

Page 9:

Authenticating A User

Page 10:

Authentication Process

[Diagram: Server or Portal, Authentication Manager, Challenge]

Page 11:

Authentication Challenge

➢ Authentication Challenge

○ Is created due to an inability to authenticate

○ Contains information such as exception, credential, URL and number of trials

○ Is issued to an authentication challenge handler

○ Can be turned on/off through RequestConfiguration

Page 12:

Authentication Challenge

➢ Types of Challenges

○ Username / password

○ OAuth

○ Client Certificate

○ Untrusted Host

➢ Challenge Actions

○ Provide Username / password

○ Provide OAuth token

○ Provide Client Certificate

○ Trust a Host

○ Cancel

➢ Handling Challenge

○ Default handler

○ Custom handler

○ Extend and override

Page 13:

Handling Challenge - Default Handler

○ UX for challenge

○ Credentials (username / password, token, client certificate)

○ Self-signed server certificate

Page 14:

OAuth 2.0

➢ Have you heard about OAuth?

➢ Authentication patterns

o Named User login

Allow ArcGIS Online users to authorize your application on their behalf

ArcGIS Online prompts for credentials

o App login

App uses hard-coded credential to log in

Users access content on your behalf

Page 15:

OAuth 2.0 – Named User Login

➢ Two-step process

o Authorization → authorization code

Client ID

Redirect URI

Refresh token expiration (optional)

o Exchange code for tokens (access & refresh)

➢ Access token & refresh token

○ Refresh access token

Short lived access token (30 minutes)

Refresh using refresh token

○ Exchange refresh token

Refresh token: 2 weeks ~ 90 days

Exchange refresh token every 24 hours by default

Page 16:

OAuth 2.0 – Named User Login

➢ Working with default handler

○ Create OAuthConfiguration

Client ID

Redirect URI

Refresh token expiration (optional)

○ Add to AuthenticationManager

➢ Support social login

Page 17:

Demo: OAuth

Page 18:

Handling Challenge - Custom Handler

➢ Platform specific workflow

➢ Android / Java SDKs

○ Implement AuthenticationChallengeHandler

○ Override handleChallenge()

○ Set AuthenticationChallengeHandler on AuthenticationManager

○ Implement UI

Page 19:

Demo: Custom Handler

Page 20:

Caching User Credentials

Page 21:

Credential Cache

o In memory cache

Enabled by default

o Global

Reusable by objects in the same domain

o Persist credentials:

Between user sessions

Between apps

Between devices

Page 22:

Credential Cache

➢ Persist credentials

o Android & Java SDKs

Persist Credential Cache to JSON string

Developer is responsible for encrypting the JSON string

o iOS SDK – Sync Credential Cache to Keychain

o Qt SDK – persist credential to JSON string

➢ Remove & revoke credentials

Page 23:

Demo: Credential Cache

Page 24:

Offline content security

➢ Unsecured Mobile Map Package (MMPK)

➢ Unsecured extracted geodatabase on disk

Page 25:

Summary

➢ Introduction

o When is Authentication needed

o Authentication Manager

➢ Authenticating a User

o Authentication Challenges

o Authentication Challenge Handler UI OAuth

➢ Caching User Credentials

Page 26:

Thank you!

GeoNet:

https://community.esri.com/community/developers/native-app-developers