esri / torii-provider-arcgis
Torii Provider for ArcGIS.com wrapped as an Ember-CLI Addon
Home Page: https://esri.github.io/torii-provider-arcgis/
License: Apache License 2.0
add esri.github.io/ as another valid redirect_uri for the registered sample app
client_id: zDbzLJW6W4tcxHkj
not sure who owns the item though...
In debugging an issue with Portal, the backing system was set up so that http requests to the api would be 302'd to https requests.
It seems like fetch would follow the 302, but was not smart enough to send the same body if the first request was a POST. Rather, it would send a GET, w/o the f=json&token=34b2js... and that would return the html, which would
I propose we change that call to force a GET --> return arcgisRest.request(userUrl, { authentication: authMgr, httpMethod: 'GET' });
Still checking if this is a Portal/Enterprise thing, or something unique to this one env. If the latter, we may not need this, but should still consider looking into why the 302 is respected, but the form is not re-sent.
If config.baseURL is set to a value other than /, the redirect URL ignores it and just redirects to the root.
This can be resolved by modifying the value of _currentBaseUrl at line 37 of arcgis-oauth-bearer.js to include config.baseURL. Importing config is needed.
I've tested this change on localhost and a github page deploy and it worked.
arcgis-rest-auth and arcgis-rest-request we only see arcgis-rest-auth in vendor.js
showSocialLogins, display
UserSession.completeOAuth2 - more a general thing. This requires us to use arcgis-rest-js within the redirect.html file, as well as getting the clientId into that context. Given that we can/have been doing this with ~4 lines of javascript in the <head> of redirect.html, this seems like overkill.
If UserSession.beginOAuth2 could register the callback with a consistent name - i.e. window['__ESRI_REST_AUTH_HANDLER'] instead of window['__ESRI_REST_AUTH_HANDLER_${clientid}'] this would greatly simplify things.
Regardless, we can't use this in torii-provider-arcgis because we need to use the mechanism provided by torii.
Use the ENV.APP.arcgisPortal hash for determining / configuring the portalUrl
See: #36 (review)
As per https://medium.com/@bantic/torii-vulnerability-disclosure-dd98b6d88ec3, Torii < 0.9.1 has a possible exploit if the default redirectUri is used.
While this provider does not use the default, it would still be good to upgrade to latest
To centralize the logic for getting the correct portal url, have the session mixin be able to return a correct portalUrl (based on ENV.APP.arcgisPortal settings) for non-authenticated sessions.
Keep the current logic (using the portalUrl from the cookie/portal-self call) for Auth'd users.
We should deprecate the use of apiKey and switch to clientId.
This is more consistent with the url param in the AOG request, and aligned with oAuth terminology