Private _host
Private _pending
Private _pending
Internal object to keep track of pending token requests. Used to prevent duplicate token requests.
Private _pending
Private _portal
Hydrated by a call to getPortal().
Private _refresh
Private _refresh
Private _token
Private _token
Private _user
Hydrated by a call to getUser().
Readonly client
Client ID being used for authentication if provided in the constructor.
Private create
Return a function that closes over the validOrigins array and can be used as an event handler for the message event.
Array of valid origins
Private federated
Internal list of tokens to 3rd party servers (federated servers) that have been created via generateToken. The object key is the root URL of the server.
Private fetch
Ensures that the authorizedCrossOriginDomains are obtained from the portal and cached so we can check them later.
this
Private get
Returns an unexpired token for the current portal.
Private get
Validates that a given URL is properly federated with our current portal. Attempts to use the internal federatedServers cache first.
Readonly password
The currently authenticated user's password if provided in the constructor.
Readonly portal
The current portal the user is authenticated with.
Readonly provider
The authentication provider to use.
Readonly redirect
A valid redirect URI for this application if provided in the constructor.
Private refresh
Exchanges an unexpired refreshToken for a new one, also updates token and tokenExpires.
Readonly refresh
Duration of new OAuth 2.0 refresh token validity (in minutes).
Private refresh
Refreshes the current token and tokenExpires with refreshToken.
Private refresh
Refreshes the current token and tokenExpires with username and password.
Readonly server
An unfederated ArcGIS Server instance known to recognize credentials supplied manually.
{
server: "https://sampleserver6.arcgisonline.com/arcgis",
token: "SOSlV3v..",
tokenExpires: new Date(1545415669763)
}
Readonly ssl
This value is set to true automatically if the ArcGIS Organization requires that requests be made over https.
Readonly token
Determines how long new tokens requested are valid.
Private trusted
Internal list of 3rd party domains that should receive all cookies (credentials: "include"). Used for PKI and IWA workflows in high security environments.
Readonly username
The currently authenticated user if provided in the constructor.
Static Private parent
Handle the response from the parent
DOM Event
The current token to ArcGIS Online or ArcGIS Enterprise.
The expiration time of the current refreshToken.
The current ArcGIS Online or ArcGIS Enterprise token.
The expiration time of the current token.
Deprecated, use federatedServers instead.
For a "Host" app that embeds other platform apps via iframes, after authenticating the user and creating a UserSession, the app can then enable "post message" style authentication by calling this method.
Internally this adds an event listener on window for the message event
Array of origins that are allowed to request authentication from the host app
Optional win: any
Returns the proper credentials option for fetch for a given domain. See trusted server. Used internally by underlying request methods to add support for specific security considerations.
The url of the request
"include" or "same-origin"
Returns information about the currently logged in user's portal. Subsequent calls will not result in additional web traffic.
session.getPortal()
.then(response => {
console.log(response.name); // "City of ..."
})
Optional requestOptions: IRequestOptions
Options for the request. NOTE: rawResponse is not supported by this operation.
A Promise that will resolve with the data from the response.
Gets an appropriate token for the given URL. If portal is ArcGIS Online and the request is to an ArcGIS Online domain token will be used. If the request is to the current portal the current token will also be used. However if the request is to an unknown server we will validate the server with a request to our current portal.
Optional requestOptions: ITokenRequestOptions
Returns information about the currently logged in user. Subsequent calls will not result in additional web traffic.
session.getUser()
.then(response => {
console.log(response.role); // "org_admin"
})
Optional requestOptions: IRequestOptions
Options for the request. NOTE: rawResponse is not supported by this operation.
A Promise that will resolve with the data from the response.
Returns the username for the currently logged in user. Subsequent calls will not result in additional web traffic. This is also used internally when a username is required for some requests but is not present in the options.
session.getUsername()
.then(response => {
console.log(response); // "casey_jones"
})
Manually refreshes the current token and tokenExpires.
Optional requestOptions: ITokenRequestOptions
Returns authentication in a format useable in the ArcGIS API for JavaScript.
esriId.registerToken(session.toCredential());
ICredential
Static authorize
Static beginOAuth2
Begins a new browser-based OAuth 2.0 sign in. If options.popup is true the authentication window will open in a new tab/window and the function will return Promise<UserSession>. Otherwise, the user will be redirected to the authorization page in their current tab/window and the function will return undefined.
Optional win: any
Static completeOAuth2
Completes a browser-based OAuth 2.0 sign in. If options.popup is true the user will be returned to the previous window. Otherwise a new UserSession will be returned. You must pass the same values for options.popup and options.portal as you used in beginOAuth2().
Optional win: any
Static deserialize
Static exchange
Completes the server-based OAuth 2.0 sign in process by exchanging the authorizationCode for an access_token.
Static from
Translates authentication from the format used in the ArcGIS API for JavaScript.
UserSession.fromCredential({
userId: "jsmith",
token: "secret"
});
UserSession
Static from
Request session information from the parent application
When an application is embedded into another application via an IFrame, the embedded app can use window.postMessage to request credentials from the host application. This function wraps that behavior.
The ArcGIS API for JavaScript has this built into the Identity Manager as of the 4.19 release.
Note: The parent application will not respond if the embedded app's origin is not:
origin of the parent frame. Passed into the embedded application as parentOrigin query param
Optional win: any
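The origin checks behind the host-side message handler (built over an array of valid origins) and the embedded-side request to the parent, both described above, shown as an added example that is not arcgis-rest-js code. The function names, message type strings and credential shape are assumptions made for illustration, and the sample origins are constructed.

```javascript
// Added example (not arcgis-rest-js source). The message type strings and
// the credential shape are hypothetical, chosen for this illustration.
const REQUEST = "example:auth:requestCredential";
const CREDENTIAL = "example:auth:credential";
const REJECTED = "example:auth:error";

// Host side: build a "message" handler that closes over validOrigins.
function createPostMessageHandler(validOrigins, session) {
  // Normalize once so matching is on exact scheme + host + port.
  const allowed = new Set(validOrigins.map((o) => new URL(o).origin));
  return function onMessage(event) {
    if (!event.data || event.data.type !== REQUEST) return null;
    // Unknown origin: stay silent, so nothing is disclosed to the sender.
    if (!allowed.has(event.origin)) return null;
    const expires = session.tokenExpires.getTime();
    const reply = expires <= Date.now()
      ? { type: REJECTED, error: "token expired" }
      : { type: CREDENTIAL, credential: { token: session.token, expires } };
    // Address the reply to the requesting origin, never "*".
    event.source.postMessage(reply, event.origin);
    return reply;
  };
}

// Embedded side: accept a credential only from the expected parent origin.
function acceptParentReply(event, parentOrigin) {
  if (event.origin !== new URL(parentOrigin).origin) return null;
  if (!event.data || event.data.type !== CREDENTIAL) return null;
  return event.data.credential;
}

// Constructed sample run with a stand-in for the iframe's window.
function demo() {
  const frame = { sent: [], postMessage(msg, target) { this.sent.push({ msg, target }); } };
  const handler = createPostMessageHandler(["https://app.example.com"], {
    token: "constructed-token",
    tokenExpires: new Date(Date.now() + 60000),
  });
  const ask = (origin) => handler({ origin, source: frame, data: { type: REQUEST } });
  const granted = ask("https://app.example.com");
  const lookalike = ask("https://app.example.com.other.test"); // suffix lookalike
  const wrongScheme = ask("http://app.example.com");
  return { granted, lookalike, wrongScheme, sent: frame.sent };
}
```

In a browser the host would register the returned function with window.addEventListener("message", handler); matching on the parsed origin rather than a string prefix is what keeps the lookalike host from receiving a reply.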
Used to authenticate both ArcGIS Online and ArcGIS Enterprise users. UserSession includes helper methods for OAuth 2.0 in both browser and server applications.