Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add support for the "social" authorize to beginOAuth2()

See original GitHub issue

In the Hub, and soon to be in Hub ready apps, we leverage the seemingly undocumented “social” authorize endpoint to go around the default login screen send users directly to the facebook/google provider sign in/up pages. For example, we first show this modal:

Clicking on the Facebook/Google buttons will open an OAuth popup that goes to /sharing/rest/oauth2/social/authorize?socialLoginProviderName=<google|facebook>&autoAccountCreateForSocial=true&width=800&height=500 along w/ the rest of the OAuth2Options like clientId and redirectUri. That route in turn redirects to the provider’s own page:

I think once the user does their business over on the provider pages the rest of the flow is the same (the redirect uri is opened with token, state, expires_in, username etc).

I’m hoping this can be done fairly easily by to to extend OAuth2Options to have a path which defaults to /rest/oauth2/authorize but in this case would be overridden by /rest/oauth2/social/authorize along w/ additional props for socialLoginProviderName and autoAccountCreateForSocial (and maybe width and height?).

The relevant code that the Hub uses can be seen here:

https://github.com/ArcGIS/opendata-ui/blob/cfbcc8541de10ca67311375a59745e12c1cb5d3f/packages/opendata-ui/app/components/od-sign-in-modal/component.js#L62-L85

And then here:

https://github.com/Esri/torii-provider-arcgis/blob/8be3bdfe99647d1ac87f7b813553fb5968033b14/app/torii-providers/arcgis-oauth-bearer.js#L65-L162

Who’s with me? ⚔️

Issue Analytics

State:
Created 5 years ago
Comments:16 (16 by maintainers)

Top GitHub Comments

1reaction

jgravoiscommented, Jul 11, 2018

Non-Default portal (https://myorg.maps.arcgis.com/sharing/rest) and autoAccountCreateForSocial=true AND NO secret org property set ???

true | false, auth blows up immediately when the org requires that new accounts are approved.

http://localhost:8080/authenticate.html?clientID=ePF8QFbgoWIkedxD#error=invalid_request&error_description=Joining this organization is supported by invitation only, you need to receive an invitation from the administrator.&messageCode=OAUTH_0024

because of this it seems appropriate for us to just hardcode true, at least for now.

1reaction

jgravoiscommented, Jul 10, 2018

If I don’t have an an AGOL account and I hit one of these sign in links and autoAccountCreateForSocial is true do I automatically get an account for the org that the client id is associated with? Or do I get a public account unassociated with the org?

if the default portal is passed, you’ll still get a public account, but you won’t see the dialog below prior to choosing your username.

screenshot 2018-07-10 11 40 28

if a custom portal is passed and the associated organization supports social login and also has a top-secret organization property set that allows the creation of new accounts without administrator approval, then you’ll get an account in that org, regardless of the client id supplied.

Top Results From Across the Web

Solved: Use the BeginOAuth2 without a popup - Esri Community

Solved: I am trying to include user authentication into a webpage. I want to use `BeginOAuth2` method from the rest-js library.

UserSession | API Reference | ArcGIS REST JS - Esri GitHub

Begins a new server-based OAuth 2.0 sign in. This will redirect the user to the ArcGIS Online or ArcGIS Enterprise authorization page. beginOAuth2(options: ......

Identity Manager 8.1 - Authorization and Authentication Guide

The OAuth2.0/OpenID Connect and OAuth2.0/OpenID Connect (role-based) authentication modules support the authorization code flow for OAuth 2.0 and OpenID ...

ArcGISIdentityManager | ArcGIS REST JS

Begins a new server-based OAuth 2.0 sign in. This will redirect the user to the ArcGIS Online or ArcGIS Enterprise authorization page. beginOAuth2(options,...

https://codecov.io/api/gh/Esri/arcgis-rest-js/down...

getTime() > Date.now()) {\n return Promise.resolve(this.token);\n }\n\n if ... else {\n url = `${portal}/oauth2/social/authorize?client_id=${clientId}& ...