BUG-000138488 for ArcGIS Runtime SDK

Bug ID Number	BUG-000138488
Submitted	March 25, 2021
Last Modified	June 5, 2024
Applies to	ArcGIS Runtime SDK
Version found	100.10
Operating System	Windows OS
Operating System Version	10.0 64 Bit
Status	Non-Reproducible

Additional Information

This issue is caused by an incorrect OAuth workflow configuration in the client application code, where two separate workflows have been combined: one intended for authenticating specific users and one intended for authenticating applications.

Workaround

User-based authentication

To support user-based authentication with OAuth, the recommended approach is OAuth Authorization Code. In this case the TokenAuthenticationType must be set to OAuthAuthorizationCode. Refer to ArcGIS Developers: ArcGIS Identity for more information.

Example:

var serverInfo = new ServerInfo(new Uri("https://www.arcgis.com/sharing/rest"))

{

TokenAuthenticationType = TokenAuthenticationType.OAuthAuthorizationCode,

OAuthClientInfo = new OAuthClientInfo("...", null)

};

Application-based authentication

To support application-based authentication with OAuth, it is necessary to use the Client Credential approach with a client ID and client secret. In this case the TokenAuthenticationType must be set to OAuthClientCredentials. Refer to ArcGIS Developers: Application credentials for more information.

Example:

var serverInfo = new ServerInfo(new Uri("https://www.arcgis.com/sharing/rest"))

{

TokenAuthenticationType = TokenAuthenticationType.OAuthClientCredentials,

OAuthClientInfo = new OAuthClientInfo("...", null, "...")

};

Notes:

It is not necessary to issue separate REST requests for tokens, instead the ArcGIS Runtime API supports this process automatically via the AuthenticationManager.
If a manual refresh of the token is required, application code should call OAuthTokenCredential.RefreshAsync().
Various properties of the credential can be accessed via API properties on OAuthTokenCredential, such as UserName