PKI Authentication - Githubissues

R-ArcGIS / arcgislayers

ArcGIS Location Services

http://r.esri.com/arcgislayers/

Apache License 2.0

36 stars 8 forks source link

PKI Authentication #162

Open bchileen opened 3 months ago

bchileen commented 3 months ago

Is there any way to support PKI authentication for Portal instances? My organization uses PKI so we are unable to go through OAuth2. Super excited about this work and happy to see it gaining momentum. Thanks!

-BCM

JosiahParry commented 3 months ago

No, not yet! It's definitely out of my wheelhouse--and mainly just not documented for the REST API!

Have you tried using auth_user() I suspect it still doesn't work for you.

Will you be using this from a machine that has Pro installed?

🤔

bchileen commented 3 months ago

I did try authenticating through Pro with my portal account that required the PKI auth and it couldn't pass the credentials through/make the request. I got the following error:

token <-auth_binding() set_arc_token(token) publish_layer(FA, "MVRFATEST") Error in httr2::req_perform(): ! HTTP 401 Unauthorized. Run rlang::last_trace() to see where the error occurred.

rlang::last_trace() <error/httr2_http_401> Error in httr2::req_perform(): ! HTTP 401 Unauthorized.

Backtrace: ▆

└─arcgislayers::publish_layer(FA, "MVRFATEST")

├─rlang::inject(add_item(x, title, token = token, !!!adtl_args))

└─arcgislayers::add_item(x, title, token = token)

└─httr2::req_perform(req_body)

I was successful using my AGOL which is OAuth2, my plan was just to point my portal to that layer if I couldn't do a direct host.

JosiahParry commented 3 months ago

Interesting! So it looks like the token you got with auth_binding() is valid but you might not have publisher privileges on that portal? 401 tells me that the request went through but the service said 🛑 scratch that, i think you're right.

Would you mind providing a reprex with the auth binding?

Like so:

reprex::reprex({
  library(arcgis)
  token <- auth_binding()
  set_arc_token(token) 

  nc <- sf::st_read(system.file("shape", "nc.shp"))

  publish_layer(nc, "publish testing")
})

bchileen commented 3 months ago

library(sf)
#> Linking to GEOS 3.11.2, GDAL 3.7.2, PROJ 9.3.0; sf_use_s2() is TRUE
library(arcgis)
#> Attaching core arcgis packages:
#>   - {arcgisutils} v0.2.0
#>   - {arcgislayers} v0.2.0
library(arcgisutils)
library(arcgislayers)
library(reprex)
nc <- st_read(system.file("shape/nc.shp", package="sf"))
#> Reading layer `nc' from data source 
#>   using driver `ESRI Shapefile'
#> Simple feature collection with 100 features and 14 fields
#> Geometry type: MULTIPOLYGON
#> Dimension:     XY
#> Bounding box:  xmin: -84.32385 ymin: 33.88199 xmax: -75.45698 ymax: 36.58965
#> Geodetic CRS:  NAD27
token <-arcgisutils::auth_binding()
##This is pulling from ArcPro Desktop v. 3.2.0 with patch 3.2.2 with a PKI Authenticated portal set as the active portal.
##User role/permissions on the portal are administrator/creator
arcgisutils::set_arc_token(token)
arcgislayers::publish_layer(nc, "nc publish test")
#> Error in `httr2::req_perform()`:
#> ! HTTP 401 Unauthorized.

^{Created on 2024-03-06 with reprex v2.1.0}

R-ArcGIS / arcgislayers

PKI Authentication #162

rlang::last_trace() <error/httr2_http_401> Error in httr2::req_perform(): ! HTTP 401 Unauthorized.

rlang::last_trace() <error/httr2_http_401> Error in `httr2::req_perform()`: ! HTTP 401 Unauthorized.