Describe the bug
We've found a scenario where following the documented example to create an ArcGISIdentityManager from an @arcgis/core IdentityManager session fails to create a valid identity manager. We have observed this behavior in Enterprise 12.1 K8s instances, though its not yet clear how wide spread the issue may be.
The issue seems to be caused by the ServerInfo instance extracted from the IdentityManager in this example. Before the user attempts to access a hosted feature layer in the @arcgis/core auth session, the ServerInfo will have hasServer = null, but after the user accesses a hosted feature layer, it will get hasServer = true. Those two scenarios will lead to different code paths in
|
if (serverInfo.hasServer) { |
|
return new ArcGISIdentityManager({ |
|
server: credential.server, |
|
ssl, |
|
token: credential.token, |
|
username: credential.userId, |
|
tokenExpires: new Date(expires) |
|
}); |
|
} |
|
return new ArcGISIdentityManager({ |
|
portal: cleanUrl( |
|
credential.server.includes("sharing/rest") |
|
? credential.server |
|
: credential.server + `/sharing/rest` |
|
), |
|
ssl, |
|
token: credential.token, |
|
username: credential.userId, |
|
tokenExpires: new Date(expires) |
|
}); |
|
} |
When hasServer=true, the ArcGISIdentityManager will fail to authenticate against the enterprise instance. When !hasServer, it will succeed.
Reproduction
https://codepen.io/_timmorey_/pen/yyVVjJX
This is a somewhat convoluted repro, and you'll need to do some setup outside the codepen.
- Sign in to a 12.1 K8s Enterprise instance
- Create a hosted feature layer in the home app
- Open the codepen
- Update
portalUrl to be the url of the enterprise instance
- Update
layerItemId to be the id of the item created at step 2
- Open the console, since the codepen will only write output there
- Run the codepen
Logs
When running, I see this console output:
Before loading layer, IdentityManager.findServerInfo(portalUrl).hasServer = null
Before loading layer, ArcGISIdentityManager.fromCredential(...).portal = https://rqa01bi-rqa01bi.apps.openshift418release.esri.com/gis/sharing/rest
After loading layer, IdentityManager.findServerInfo(portalUrl).hasServer = true
After loading layer, ArcGISIdentityManager.fromCredential(...).portal = https://www.arcgis.com/sharing/rest
That last line of output is the problem, where it thinks the portal is arcgis.com
System Info
Additional Information
We were able to work around this by not extracting ServerInfo from the @arcgis/core IdentityManager. In our scenarios, we know we're connected to a portal, so we pass in
{
server: myPortalUrl,
hasPortal: true,
hasServer: false,
}
as the second argument to fromCredential.
Maybe this is the same core issue as #1233?
Describe the bug
We've found a scenario where following the documented example to create an ArcGISIdentityManager from an @arcgis/core IdentityManager session fails to create a valid identity manager. We have observed this behavior in Enterprise 12.1 K8s instances, though its not yet clear how wide spread the issue may be.
The issue seems to be caused by the
ServerInfoinstance extracted from theIdentityManagerin this example. Before the user attempts to access a hosted feature layer in the @arcgis/core auth session, the ServerInfo will havehasServer = null, but after the user accesses a hosted feature layer, it will gethasServer = true. Those two scenarios will lead to different code paths inarcgis-rest-js/packages/arcgis-rest-request/src/ArcGISIdentityManager.ts
Lines 910 to 930 in 6d611f9
When
hasServer=true, theArcGISIdentityManagerwill fail to authenticate against the enterprise instance. When!hasServer, it will succeed.Reproduction
https://codepen.io/_timmorey_/pen/yyVVjJX
This is a somewhat convoluted repro, and you'll need to do some setup outside the codepen.
portalUrlto be the url of the enterprise instancelayerItemIdto be the id of the item created at step 2Logs
When running, I see this console output: Before loading layer, IdentityManager.findServerInfo(portalUrl).hasServer = null Before loading layer, ArcGISIdentityManager.fromCredential(...).portal = https://rqa01bi-rqa01bi.apps.openshift418release.esri.com/gis/sharing/rest After loading layer, IdentityManager.findServerInfo(portalUrl).hasServer = true After loading layer, ArcGISIdentityManager.fromCredential(...).portal = https://www.arcgis.com/sharing/rest That last line of output is the problem, where it thinks the portal is arcgis.comSystem Info
Additional Information
We were able to work around this by not extracting ServerInfo from the @arcgis/core IdentityManager. In our scenarios, we know we're connected to a portal, so we pass in
as the second argument to
fromCredential.Maybe this is the same core issue as #1233?