Bug ID Number | BUG-000169836 |
Submitted | August 8, 2024 |
Last Modified | November 6, 2024 |
Applies To | ArcGIS Online |
Version Found | June 2024 |
Operating System | Windows OS |
Operating System Version | 11.0 64 bit |
Status | As Designed
After review by the development team, it has been determined that this behavior is intended. For more information, see the Additional Information section.
|
Additional Information
The current implementation of the API Authentication token is functioning as intended. This design choice has important implications for user privacy and system security.
Token Content:
The API Authentication token is designed to contain only the information necessary for accessing specific items or resources.
It does not include user login information typically found in OAuth tokens.
Anonymous Access:
Due to the absence of user-specific information, requests made with these tokens are treated as coming from an anonymous account.
Security Implications:
The token's limited scope reduces potential security risks associated with token interception or misuse.
Intended Functionality:
This behavior is not a bug or oversight, but a deliberate design choice to balance functionality, privacy, and security.
Workaround
Access tokens have different privileges depending on the method used to obtain them:
Tokens from API key authentication and App authentication have their privileges managed by the developer credentials used to obtain them.
Tokens from user authentication have their privileges determined by the ArcGIS account of the signed-in user.
Steps to Reproduce
Bug ID: BUG-000169836
Software: