This is a demo implementation of a PHP server that acts as a proxy service for ArcGIS application credentials.
Learn more about ArcGIS application credentials.
If you use ArcGIS and need a more secure authentication method than API keys, application credentials are a possible choice. This uses an OAuth type handshake with the ArcGIS services to request an authentication token and use it to authenticate services in your client app. However, you do not want to bake in your clientID and clientSecret in a client app as that could expose your credentials to hijacking. If a nefarious entity gets hold of your credentials they can create tokens on your behalf. To avoid that, your client app requests authentication tokens from an app like this one. The token also expires requiring frequent refreshing and updating the client app with valid tokens. It is also expected your server will run on HTTPS.
Make a copy of this folder.
-
Log in with your ArcGIS Developer account at https://developers.arcgis.com. Create a new OAuth 2.0 application (you can use an existing app.) Copy the Client ID and Client Secret.
-
Rename
secret.sample.phptosecret.php. Notesecret.phpis not committed to version control via.gitignoreso your secrets are not shared. Edit this file to replaceYOUR_CLIENT_IDandYOUR_CLIENT_SECRETwith the values from your application. -
Install the app on your PHP-based webserver. The endpoint is
auth.phpdepending on the path you install this project at.