1

I am developing a REST API with .NET Core 6 using an OAuth 2 authentication. I need a login which does:

  • authenticate the user using the REST API
  • issue a (user-specific) token I can use in the web application (ArcGIS API for Javascript)

For this, I am using AspNet.Security.OAuth.ArcGIS and basically the Server-Enabled Workflow. Everything works fine until I sign out.

When I sign out, the cookie is removed and I have no access to REST API any more. So far so good but the access_token is not invalidated. I can still use the token to access ArcGIS web services.

I understand that there is no logout option available with AspNet.Security.OAuth.ArcGIS. So I was looking into alternative ways how to invalidate the token:

How can I invalidate an access_token?

Some of the resources I used:

asked May 12, 2022 at 16:59
2
  • Have you posted to the Esri forums? You may grab the attention of a developer over there? Commented Jul 18, 2022 at 16:11
  • No I haven't yet. I don't really like using Esri's community forum. Their editor is horrific to use and I usually avoid their forum unless it's really important. However, since I don't get response here, I will consider it. Thanks for reminding me. I went with a workaround and I use a proxy endpoint to funnel all UI requests for the ArcGIS REST API. That way I don't have to expose a token. Commented Aug 2, 2022 at 19:41

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.