EsriAuthController
The EsriAuthController handles authentication with Esri ArcGIS services by generating OAuth tokens for external API access.
Overview
This controller provides a proxy for obtaining Esri ArcGIS OAuth tokens using client credentials flow. It's used to authenticate requests to Esri services from the SWMM application.
Data Sources
- External API: Esri ArcGIS OAuth endpoint
- Configuration:
appsettings.jsonfor client credentials - No Database Storage: Stateless token generation
Endpoints
GET /api/esriauth/token
Generates an OAuth token for Esri ArcGIS services.
Headers Required:
Authorization: Bearer <jwt_token>(from AuthController)
Response:
- 200 OK: Returns OAuth token with expiration
- 500 Internal Server Error: Configuration or API error
Response Body:
{
"token": "string",
"expires": 1440,
"ssl": true
}
Data Flow:
OAuth Parameters:
client_id: Esri application client IDclient_secret: Esri application client secretgrant_type:client_credentialsexpiration:1440(24 hours)f:json
Configuration
Required Settings:
{
"Esri": {
"ClientId": "your_esri_client_id",
"ClientSecret": "your_esri_client_secret"
},
"AllowedOrigins": "http://localhost:3000,https://yourdomain.com"
}
CORS Support
- Configurable allowed origins
- Supports multiple domains
- Validates request origin against configuration
Security Features
- JWT Authentication: Requires valid JWT token from AuthController
- Client Credentials: Uses secure client credential flow
- Token Expiration: 24-hour token lifetime
- CORS Protection: Origin validation
- No Token Storage: Tokens are not persisted
Error Handling
- Comprehensive logging of request details
- Environment variable validation
- API response error handling
- CORS configuration logging
Dependencies
Microsoft.AspNetCore.AuthorizationSystem.Net.HttpSystem.Text.JsonIHttpClientFactory
External API Integration
Esri OAuth Endpoint:
POST https://www.arcgis.com/sharing/rest/oauth2/token
Content-Type: application/x-www-form-urlencoded
Response Headers:
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidatePragma: no-cacheExpires: 0
Usage Pattern
- Client authenticates with SWMM API (AuthController)
- Client requests Esri token (EsriAuthController)
- Client uses Esri token for ArcGIS service calls
- Token expires after 24 hours
Monitoring
- Request method and URL logging
- Header information capture
- CORS configuration validation
- Environment variable presence checks
- API response status tracking