Mixed user and app authentication

[mothmonsterman]

Unless I missed something, it may be worth noting that 2 separate proxy configurations were required to handle a mixture of local ARCGIS server user authentication along with credit based app authentication (i.e., route, traffic, etc) in the same application.

I could not for the life of me get the app to work when there was a mixture of OAuth 2.0 and non-OAuth credentials in the same proxy configuration but I didn't see anything about it in the documentation. Splitting out to 2 separate proxies and then using

EsriConfig.defaults.io.proxyRules.push({
    urlPrefix:"foo.com",
    proxyUrl:"bar.jsp"
});
EsriConfig.defaults.io.proxyRules.push({
    urlPrefix:"bar.com",
    proxyUrl:"foo.jsp"
});

to forward to the right proxy based on the request was the only way I could get it working.

Unfortunately the following did not register the proxy properly in my application either (JS API 3.9 required "esri/urlUtils")...

urlUtils.addProxyRule({
    urlPrefix:"foo.com",
    proxyUrl:"bar.jsp"
});

hence the direct pusing onto

EsriConfig.defaults.io.proxyRules

[phpmaps]

@mothmonsterman thanks for the post. Just so I'm clear your app does some kind of routing (which uses an ArcGIS Online subscription service) and contains on or more secured ArcGIS Server layers also requiring credentials to authenticate. Is this correct?

Also just so that I am clear, are you are using the Java proxy and not the DotNet and PHP ones?

-Doug

[mothmonsterman]

@phpmaps no problem, wanted to save someone else the trouble. That is correct. We use the arcgis routing service for driving directions in our app (route.arcgis.com and traffic.arcgis.com - credit based - app login) and also host a local arcgis server with secured mapping services (local user login).

We are using the Java proxy (sorry didnt see a way to label the issue myself).

[phpmaps]

We will need to reproduce this. Before you implemented your workaround were you able to glean anything from the proxy log and see what is failing?

Also when the proxy failed can you share your config file with us? (the config should be exactly as it was during the point of failure (but be sure to XXXX out your credentials)). Ideally, we have logic in the proxy to map each service URL to a token, it's kind of like a token store so I am surprised this is happening in the Java proxy. It might be related to our config parsing logic not sure...

If everything checks out this sounds like a bug that needs to investigated.

If you get time - please pass on 1) log errors surrounding the point of failure and 2) your config file as it looked during the point of failure.

[mothmonsterman]

sure thing. i will need to backtrack a bit to reproduce and get the info for you. is there a way to attach files to this issue or do i just markdown in the comment?

[esoekianto]

@mothmonsterman thank you for sharing this with us. But I have not been able to reproduce the same behavior reported, where we could not have mixture of OATH2 and non-OATH2 in the same proxy.

I made simple test case with 2 iframes, one is pointing to route.arcgis.com using OATH2 and the other to our sampleserver6 (ags server) using token-based (non-OATH2).

see the screenshot below if this is the same setup you have

[mothmonsterman]

@esoekianto i am going to try to reproduce here in a few... how did you register the proxy with the arcgis js api?

[esoekianto]

@mothmonsterman I only tried in simple html iframes to load json solve from route service using aoth2 and sampleserver6 (ags server) non-aoth.

I can try to scrounge up simple javascript application to load from both resources, but I am interested to see the java proxy problem reported when it was failed to authenticate when there are mixture of serverurls that use OATH2 and non-OATH2. Hopefully we can catch something here

[mothmonsterman]

10-4 putting it back together to reproduce now

[mothmonsterman]

First issue was that with ARCGIS JS API 3.9, urlUtils.addProxyRule did not properly register proxy:

Explicitly pushing onto the EsriConfig.defaults.io.proxyRules helped with that:

Yay proxy! But now I'm forbidden....

[esoekianto]

@mothmonsterman good, we are glad that we made sure that the proxy can have a mixture of OATH2 and non-OATH2 serverurls

if the 403 forbidden error came out of the proxy, it could be the prefix of serverurl in proxy.config for the arcgis server.

we will have to confirm the urlUtils.addProxyRule in javascript api 3.9 issue, but cool tips. :+1:

[mothmonsterman]

@esoekianto you are correct, looks like my config was bad. thanks for that

[jgravois]

since @mothmonsterman appears sorted, closing this issue.