不具合
API key scoped to a hosted feature service with allowAnonymousToQuery set to false yields no results when queried, while short lived OAuth2 token does.
| 不具合 ID 番号 | BUG-000169836 |
|---|---|
| 送信されました | August 8, 2024 |
| 最終更新日 | November 6, 2024 |
| 適用対象 | ArcGIS Online |
| 見つかったバージョン | June 2024 |
| オペレーティング システム | Windows OS |
| オペレーティング システムのバージョン | 11.0 64 bit |
| ステータス | As Designed |
参考情報
The current implementation of the API Authentication token is functioning as intended. This design choice has important implications for user privacy and system security. Token Content: The API Authentication token is designed to contain only the information necessary for accessing specific items or resources. It does not include user login information typically found in OAuth tokens. Anonymous Access: Due to the absence of user-specific information, requests made with these tokens are treated as coming from an anonymous account. Security Implications: The token's limited scope reduces potential security risks associated with token interception or misuse. Intended Functionality: This behavior is not a bug or oversight, but a deliberate design choice to balance functionality, privacy, and security.対処法
Access tokens have different privileges depending on the method used to obtain them: Tokens from API key authentication and App authentication have their privileges managed by the developer credentials used to obtain them. Tokens from user authentication have their privileges determined by the ArcGIS account of the signed-in user.再現の手順
不具合 ID: BUG-000169836
ソフトウェア:
- ArcGIS Online
バグのステータスが変更されたときに通知を受け取る
このトピックについてさらに調べる
関連情報の検索
このトピックに関連するトレーニングの検索
アイデアを探して、フィードバックを提供します
ArcGIS エキスパートのサポートを受ける
Esri Support アプリのダウンロード