Connecting within ArcGIS application with resource

Question

I have following dillema: Using ArcGIS Enterprise 10.8, I have added a new item – Application – to a users content.

This generates an Application item, with an App ID and APP Secret, along with App type and redirect URIs defined. These can be used to generate an access token via the OAUTH2 token endpoint: https:///sharing/rest/oauth2/token

using the parameters :

client_id=APPID& client_secret=APPSECRET& grant_type=client_credentials

ESRI States in their documentation: “Successful authentication directly returns a JSON response containing the access token that allows the application to work with resources that are accessible to the application (that is, have been shared with the application). Use of the client_secret as previously described is mandatory.”

Question is: how do we share resources with the application?

The overall goal is to grant an external application (unknown user) access to portal ressources (ie.a layer item) via OAUTH2 app login.

Do you have any suggestions?

Answer 1

This is certainly confusing documentation, but I have found it useful to review this page: Limitations of App Login.

Specifically:

Applications cannot create, update, share, modify, or delete items (layers, files, services, maps) in ArcGIS Online or ArcGIS Enterprise.

... If you want to access private content within an organization or content that has been shared with a user, you must use the named user login pattern for authentication.

For what you want to do, you'll most likely want to create a non-expiring refresh token based on a specific user, and store that in with your external application.