Skip to main content

EsriAuthController

The EsriAuthController handles authentication with Esri ArcGIS services by generating OAuth tokens for external API access.

Overview

This controller provides a proxy for obtaining Esri ArcGIS OAuth tokens using client credentials flow. It's used to authenticate requests to Esri services from the SWMM application.

Data Sources

  • External API: Esri ArcGIS OAuth endpoint
  • Configuration: appsettings.json for client credentials
  • No Database Storage: Stateless token generation

Endpoints

GET /api/esriauth/token

Generates an OAuth token for Esri ArcGIS services.

Headers Required:

  • Authorization: Bearer <jwt_token> (from AuthController)

Response:

  • 200 OK: Returns OAuth token with expiration
  • 500 Internal Server Error: Configuration or API error

Response Body:

{
"token": "string",
"expires": 1440,
"ssl": true
}

Data Flow:

OAuth Parameters:

  • client_id: Esri application client ID
  • client_secret: Esri application client secret
  • grant_type: client_credentials
  • expiration: 1440 (24 hours)
  • f: json

Configuration

Required Settings:

{
"Esri": {
"ClientId": "your_esri_client_id",
"ClientSecret": "your_esri_client_secret"
},
"AllowedOrigins": "http://localhost:3000,https://yourdomain.com"
}

CORS Support

  • Configurable allowed origins
  • Supports multiple domains
  • Validates request origin against configuration

Security Features

  1. JWT Authentication: Requires valid JWT token from AuthController
  2. Client Credentials: Uses secure client credential flow
  3. Token Expiration: 24-hour token lifetime
  4. CORS Protection: Origin validation
  5. No Token Storage: Tokens are not persisted

Error Handling

  • Comprehensive logging of request details
  • Environment variable validation
  • API response error handling
  • CORS configuration logging

Dependencies

  • Microsoft.AspNetCore.Authorization
  • System.Net.Http
  • System.Text.Json
  • IHttpClientFactory

External API Integration

Esri OAuth Endpoint:

POST https://www.arcgis.com/sharing/rest/oauth2/token
Content-Type: application/x-www-form-urlencoded

Response Headers:

  • Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
  • Pragma: no-cache
  • Expires: 0

Usage Pattern

  1. Client authenticates with SWMM API (AuthController)
  2. Client requests Esri token (EsriAuthController)
  3. Client uses Esri token for ArcGIS service calls
  4. Token expires after 24 hours

Monitoring

  • Request method and URL logging
  • Header information capture
  • CORS configuration validation
  • Environment variable presence checks
  • API response status tracking