To prevent this, your application should implement a server-side component to keep your application credentials secure. When credentials are stored on a client-side application they may be exposed to hackers. When that token expires, your client app must request a new token from your server component.Īny unauthorized party that accesses your application's credentials could potentially also access billable ArcGIS location services that are metered to your account. The client app uses the temporary token supplied by your server to authenticate with ArcGIS and gain access to the requested location service. The user of your client application requests a location service that requires authentication. Your server-side component uses the application credentials to get an access token with ArcGIS, giving you a temporary token you can share with your client app. The client_secret should only be used in server-side code to generate tokens. Never embed it in a client where it could be discovered through viewing source or developer tools. It is important to treat client_secret like you would a password.
0 Comments
Leave a Reply. |