laptop and a wrench

Bug

The OAuth (Open Authorization)/authorize endpoint from ArcGIS Online does not issue a cookie for items when using app registration, causing users to sign in multiple times.

Last Published: March 15, 2019 ArcGIS Online
Bug ID Number BUG-000119198
SubmittedJanuary 8, 2019
Last ModifiedJanuary 9, 2021
Applies toArcGIS Online
Version foundN/A
Operating SystemWindows
Operating System Version10.0 64 Bit
Version Fixed7.1
StatusFixed

Additional Information

The OAUTH/authorize endpoint from ArcGIS Online does not issue a cookie for items using app registration. Hub Site Applications (the intended primary user experience for Hub users) makes heavy use of app registration to support custom domains. Without the cookie, users have to sign in multiple times which makes the system difficult to use. This means that if a user goes to the custom domain for a private hub site they are prompted to log in. When they log in, if any private apps are embedded in the hub site, they are not displayed because the authentication the user just completed cannot be passed to the web app. This also means when the user clicks on Explore in an app gallery, it prompts the user for sign in prior to the user being able to see the app even though they just signed in. Users are expecting that community users (a member of the user's separate communityorg.maps.arcgis.com ) only ever signs in/up & interact with the Hub Site Application or other WebGIS apps associated with a project/initiative. It is not expected for many community users to use the home application (unless that community user is already familiar with GIS - which is an important population but not the target of the Hub product).

Workaround

The following workaround steps allow the Gallery card to appear after logging in only once. However, the following steps do not work for the Iframe card.

  1. Navigate to the redirect URL: https://www.arcgis.com/home/signin.html?returnUrl=https://case02241554-ess.hub.arcgis.com/.
  2. Input username and password.
  3. The Gallery card which is on the right and titled, “case02241554_webapp.” Select the Explore button. It appears without requiring an additional log in.

This technology solves the issue but did not offer a user experience where citizens can come in from Google search results, a news article, a tweet, etc. It also means that if the user logs in any way other than through the redirect URL, the iframes in the page would not function and they have to log in multiple times. As a custom domain has been set up to direct donors, this workaround does not allow users to use their custom domain and is difficult to ensure use.

Steps to Reproduce

Bug ID: BUG-000119198

Software:

  • ArcGIS Online

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic