
Seems that the ArcGIS Online authentication token expires in fairly short order. Has anyone found a workaround to this issue? This makes running scheduled tasks difficult as re-authentication is needed on a daily basis it seems.

This is most likely an issue on the Esri side, as FME is just passing your credentials to Esri's OAuth API endpoint.

I'm wondering if anyone has stored their AGO credentials in the workspace, passed those credentials to the OAuth API for authorization, then continued on with accessing feature services in AGO? Probably not the best idea to do this...

Hi @mattdowning88,

Just to get a bit more background on this, how quickly are you finding that the ArcGIS Online authentication token is expiring? Does it typically last at least a few hours before it starts throwing errors? Also, are you scheduling tasks using FME Desktop or FME Server?

The Web Connection that FME uses to authenticate with ArcGIS Online uses their OAuth endpoints. Do you see the connection in FME work for a time, then stop working until you re-authenticate? If that's the case, then I think the refresh token (which basically keeps the connection to AGOL alive) is expiring. That token can only be re-generated by re-authenticating.

Here's a more detailed explanation of what's happening when FME authenticates:

There are two types of tokens being used when FME makes its connection to ArcGIS Online. When you enter your username and password for ArcGIS Online when authenticating the web connection, that will generate a refresh_token. That token is supposed to be a long-lasting token that grants FME Server the ability to get a short-lived access token that will grant it access to everything your AGOL user account can access. Whenever the access token expires, FME can use the refresh token to get a new one. The access token will only last for 30 minutes by default.

When a refresh token expires, that will prevent an application like FME from being able to automatically regenerate the access token. The only way to get a new refresh token is to re-enter your username and password.

By default, the web connection that FME creates will set the expiration of the refresh token to a value of -1, which should let it last forever. But, an ArcGIS Online organization can override this to force it to be a shorter duration instead. I suspect your organization has limited the refresh tokens to last for a shorter period of time. Unfortunately, I'm not sure where in ArcGIS Online that would be configured.

Here's a good resource on this subject: https://developers.arcgis.com/documentation/core-concepts/security-and-authentication/server-based-user-logins/ (look under Authorization Endpoint for more information about the refresh tokens).
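The two-token behaviour described above, as an added example that is not part of the thread and is not FME's or Esri's code: a cache that reuses the access token until shortly before it expires, refreshes it with the refresh token, and raises a distinct error when the refresh token itself is rejected, so a scheduled job can alert for re-authentication instead of storing a username and password. The class and function names, the injected `post` transport, the assumed error shape and the sample responses are all constructed for illustration.

```python
import time

# Token endpoint as documented by Esri for ArcGIS Online OAuth 2.0.
TOKEN_URL = "https://www.arcgis.com/sharing/rest/oauth2/token"

class ReauthRequired(Exception):
    """The refresh request was rejected: a user has to sign in again."""

class TokenCache:
    def __init__(self, client_id, refresh_token, post, clock=time.time, skew=60):
        self.client_id = client_id
        self.refresh_token = refresh_token
        self.post = post      # assumed transport: callable(url, form) -> parsed JSON dict
        self.clock = clock
        self.skew = skew      # refresh this many seconds before the stated expiry
        self.access_token = None
        self.expires_at = 0.0

    def get(self):
        """Return a usable access token, refreshing only when it is about to expire."""
        if self.access_token and self.clock() < self.expires_at - self.skew:
            return self.access_token
        body = self.post(TOKEN_URL, {
            "client_id": self.client_id,
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
        })
        if "error" in body:
            # Assumed error shape: {"error": {"code": ..., "message": ...}}.
            # Any rejected refresh is treated as "re-authentication needed".
            err = body["error"]
            raise ReauthRequired(f"{err.get('code')}: {err.get('message')}")
        self.access_token = body["access_token"]
        self.expires_at = self.clock() + int(body["expires_in"])
        return self.access_token

def make_fake_post(valid_refresh_tokens):
    """Constructed stand-in for the token endpoint so the example runs offline."""
    calls = []
    def post(url, form):
        calls.append(form)
        if form["refresh_token"] not in valid_refresh_tokens:
            return {"error": {"code": 498, "message": "Invalid refresh_token"}}
        # 1800 s matches the 30-minute default access token lifetime.
        return {"access_token": f"access-{len(calls)}", "expires_in": 1800}
    post.calls = calls
    return post
```

In a scheduled task, catching `ReauthRequired` separately from ordinary request failures tells the operator that the web connection must be re-authorized rather than retried.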

Hi Lauraatsafe

We have this problem every couple of weeks; the number of weeks seems to vary but never did real math on that. I don't think anyone from our organisation has played with the refresh token expiration values... but then again not sure where to get that setting either. Asked ESRI where that was but will likely receive no real help.



I think by default the max is set to -1 (which is basically forever). Our org has it set to that and we are running into the same issues (401 errors). We have been experiencing this on FME Server off and on again. Seems like FME should know when the refresh token expires and should re-authenticate it automagically. Have had it happen only once since we updated to 2019.

