Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Request tokens ignored on dev/qa servers if portal URL and UserSession.portal don't match

See original GitHub issue

When using request with ArcGIS Online Dev/QA environments, a token will not be added to the request unless the portal URL matches the authentication UserSession.portal.

The dev/qa owningSystemUrl is not recognized as a ArcGIS Online server https://github.com/Esri/arcgis-rest-js/blob/master/packages/arcgis-rest-auth/src/UserSession.ts#L826

Issue Analytics

State:
Created 4 years ago
Comments:12 (11 by maintainers)

Top GitHub Comments

1reaction

patrickarltcommented, Jul 3, 2019

I think this is happening in 2 similar but different cases because unless the URL passes the tests in https://github.com/Esri/arcgis-rest-js/blob/master/packages/arcgis-rest-auth/src/UserSession.ts#L725-L729 the UserSession.portal must exactly matches the owningSystemUrl in order to be considered for federation.

This means that the following cases fail to federate:

UserSession.portal === "https://someorg.mapsdev.arcgis.com/sharing/rest/" this actually appears to be a fairly common case for apps like Storymaps. since in dev owningSystemUrl is always https://devext.arcgis.com these don’t match and federation doesn’t happen. This was the original issue from @qlqllu https://github.com/Esri/arcgis-rest-js/blob/b956d910aadf76729190a54b6af0d3286cc11079/packages/arcgis-rest-auth/src/UserSession.ts#issuecomment-507092212. I think this is also the original issue reported by @ssylvia.
In cases where there is a scheme mismatch between http:// and https:// which is what @timmorey reported in https://github.com/Esri/arcgis-rest-js/blob/b956d910aadf76729190a54b6af0d3286cc11079/packages/arcgis-rest-auth/src/UserSession.ts#issuecomment-504144004.

@tomwayson has the right solution since we cant consider devext to be federated with production or vica versa so you would have to:

Determine if UserSession.portal is ANY ArcGIS Online Environment.
Get the ArcGIS Online Environment of UserSession.portal.
Determine if url is ANY ArcGIS Online Environment.
Get the ArcGIS Online Environment of url.
If 1 and 3 are true AND 2 and 4 match then we can short cut federation.

The alternative would be to modify https://github.com/Esri/arcgis-rest-js/blob/master/packages/arcgis-rest-auth/src/UserSession.ts#L826 with new tests to make sure that things like https://someorg.mapsdev.arcgis.com/sharing/rest/ and https://devext.arcgis.com are considered federated and to resolve the http/https issue.

1reaction

qlqllucommented, Jul 1, 2019

I receive the NOT_FEDERATED, which I think it’s caused by this reason.

The portal in session is the org URL: beijing.mapsdevext.arcgis.com, and the feature service URL is: servicedev.arcgis.com.

I think these 2 URLs should be considered as federated.