Bug
API key scoped to a hosted feature service with allowAnonymousToQuery set to false yields no results when queried, while short lived OAuth2 token does.
| Bug-ID-Nummer | BUG-000169836 |
|---|---|
| Eingereicht | August 8, 2024 |
| Zuletzt geändert | November 6, 2024 |
| Gilt für | ArcGIS Online |
| Gefunden in Version | June 2024 |
| Betriebssystem | Windows OS |
| Betriebssystemversion | 11.0 64 bit |
| Status | As Designed |
Zusätzliche Informationen
The current implementation of the API Authentication token is functioning as intended. This design choice has important implications for user privacy and system security. Token Content: The API Authentication token is designed to contain only the information necessary for accessing specific items or resources. It does not include user login information typically found in OAuth tokens. Anonymous Access: Due to the absence of user-specific information, requests made with these tokens are treated as coming from an anonymous account. Security Implications: The token's limited scope reduces potential security risks associated with token interception or misuse. Intended Functionality: This behavior is not a bug or oversight, but a deliberate design choice to balance functionality, privacy, and security.Workaround
Access tokens have different privileges depending on the method used to obtain them: Tokens from API key authentication and App authentication have their privileges managed by the developer credentials used to obtain them. Tokens from user authentication have their privileges determined by the ArcGIS account of the signed-in user.Schritte zur Reproduzierung
Bug-ID: BUG-000169836
Software:
- ArcGIS Online
Benachrichtigung erhalten, wenn sich der Status eines Bugs ändert
Weitere Informationen zu diesem Thema erkunden
Nach zugehörigen Informationen suchen
Nach Schulungen zu diesem Thema suchen
Ideen erkunden und Feedback geben
Unterstützung durch ArcGIS-Experten anfordern
Esri Support App herunterladen