Solved

ArcGIS Online re-authentication

D
Badge

We have several FME Server services that runs nightly to update hosted services. This all works well but every month or two the services all fail because they have lost their authentication to AGOL even though there were no account changes. I can re-authenticate the connection and then the services run for a month or two and then they lose their authentication again. Is there a way to set up the authentication so that they do not have to be periodically re-authenticated?

 

Thanks in advance,

David

icon

Best answer by siennaatsafe 10 October 2019, 23:00

View original

14 replies

bruceharold
Rank
Badge +16

@siennaatsafe from memory you looked into this. Thanks.

siennaatsafe
Rank
Badge +9

Hi @dkirouac,

This is the expected behavior. Previously, the ArcGIS Online refresh tokens would last forever. The refresh token is used to get the short-lasting access token with each connection. This was recently changed so now refresh tokens expire.

With our current system, you'll have to manually refresh your connection to get a new refresh token. We've tried to fix this in 2019.2. So now, we automatically refresh the refresh tokens. Hopefully, this will prevent users from having to reauthenticate their connections. However, we've found this issue very hard to reproduce internally. So if you do have to manually re-authenticate in 2019.2 please let me know.

We've been working very hard to develop a seamless connection with ArcGIS Online. I've detailed all the issues and fixes I am aware of here https://knowledge.safe.com/articles/99956/arcgis-online-connection-troublshooting.html

If you have any questions please let me know.

M

Hi @dkirouac,

This is the expected behavior. Previously, the ArcGIS Online refresh tokens would last forever. The refresh token is used to get the short-lasting access token with each connection. This was recently changed so now refresh tokens expire.

With our current system, you'll have to manually refresh your connection to get a new refresh token. We've tried to fix this in 2019.2. So now, we automatically refresh the refresh tokens. Hopefully, this will prevent users from having to reauthenticate their connections. However, we've found this issue very hard to reproduce internally. So if you do have to manually re-authenticate in 2019.2 please let me know.

We've been working very hard to develop a seamless connection with ArcGIS Online. I've detailed all the issues and fixes I am aware of here https://knowledge.safe.com/articles/99956/arcgis-online-connection-troublshooting.html

If you have any questions please let me know.

Hi Sienna, We are encountering a similar issue using FMS Server build 19630 at a client connecting to their ArcGIS Online subscription. The connections work for approximately a month and then fail. To remedy we open FME Server and re-authenticate the connection and it continues to work as expected until the token expires again. Do you have a suggestion on how to remedy?

siennaatsafe
Rank
Badge +9

Hi Sienna, We are encountering a similar issue using FMS Server build 19630 at a client connecting to their ArcGIS Online subscription. The connections work for approximately a month and then fail. To remedy we open FME Server and re-authenticate the connection and it continues to work as expected until the token expires again. Do you have a suggestion on how to remedy?

Hi @mikeleenz,

The token refresh was introduced in build 19796 and unfortunately, there is no workaround in FME other than manually refreshing the token after it expires. However, in the ArcGIS Online documentation, there may be a way for the user to set the refresh token. We haven't been able to track down where this is but it is in the documentation. https://developers.arcgis.com/rest/users-groups-and-items/authentication.htm

"The refresh token that's returned may be valid for a shorter period than requested based on the maximum expiry time set by the user's organization or the platform."

Perhaps it's possible to extend the refresh token.

M

Hi @mikeleenz,

The token refresh was introduced in build 19796 and unfortunately, there is no workaround in FME other than manually refreshing the token after it expires. However, in the ArcGIS Online documentation, there may be a way for the user to set the refresh token. We haven't been able to track down where this is but it is in the documentation. https://developers.arcgis.com/rest/users-groups-and-items/authentication.htm

"The refresh token that's returned may be valid for a shorter period than requested based on the maximum expiry time set by the user's organization or the platform."

Perhaps it's possible to extend the refresh token.

Thanks Sienna,

 

Perhaps Safe might consider doing something similar to what Esri do themselves with the ArcGIS Sharepoint Addin where it can be set to refresh the token (just a thought)

 

https://doc.arcgis.com/en/maps-for-sharepoint/foundation-server/install-and-configure/renew-arcgis-credentials.htm
D
Badge

Thanks Sienna,

We are in the process of upgrading to 2019.2 but we will not know the results for a few months when it normally times out.

siennaatsafe
Rank
Badge +9

Thanks Sienna,

 

Perhaps Safe might consider doing something similar to what Esri do themselves with the ArcGIS Sharepoint Addin where it can be set to refresh the token (just a thought)

 

https://doc.arcgis.com/en/maps-for-sharepoint/foundation-server/install-and-configure/renew-arcgis-credentials.htm

Hi @mikeleenz,

Thanks for sharing that! I'll pass it onto the developers and see what they think. :)

danielwebb
Rank
Badge +1

Hi @dkirouac,

This is the expected behavior. Previously, the ArcGIS Online refresh tokens would last forever. The refresh token is used to get the short-lasting access token with each connection. This was recently changed so now refresh tokens expire.

With our current system, you'll have to manually refresh your connection to get a new refresh token. We've tried to fix this in 2019.2. So now, we automatically refresh the refresh tokens. Hopefully, this will prevent users from having to reauthenticate their connections. However, we've found this issue very hard to reproduce internally. So if you do have to manually re-authenticate in 2019.2 please let me know.

We've been working very hard to develop a seamless connection with ArcGIS Online. I've detailed all the issues and fixes I am aware of here https://knowledge.safe.com/articles/99956/arcgis-online-connection-troublshooting.html

If you have any questions please let me know.

Hi Sienna,

We're using FME Server 2019.2.3.2 Build 19825 - win64 and we still need to manually re-authenticate. Has there been any more progress on this topic?

Thanks!

tnarladni
Rank
Badge +9

Thanks Sienna,

We are in the process of upgrading to 2019.2 but we will not know the results for a few months when it normally times out.

We upgraded to build 19817 (2020.2.2) and have not had to refresh the token since March.

siennaatsafe
Rank
Badge +9

Hi Sienna,

We're using FME Server 2019.2.3.2 Build 19825 - win64 and we still need to manually re-authenticate. Has there been any more progress on this topic?

Thanks!

Hi @danielwebb,

We haven't updated anything since build 19806. How often are you using your AGOL connection? How often do you need to re-authorize your connection?

H
Badge

Hi @siennaatsafe​ , I'm using ArcGIS Portal Feature service Reader/Writer and I'm seeing similar behavior. The job runs on FME Server 2020. At the beginning of the month stops running, some kind of manual intervention occurred (I assume it was my colleague troubleshooting the issue and running the job manually) and the job had run successfully again for another 3-4 weeks.

 

Could you please confirm/deny this could be the case so I can rule out this as a possible cause?

 

Thank you

siennaatsafe
Rank
Badge +9

Hi @siennaatsafe​ , I'm using ArcGIS Portal Feature service Reader/Writer and I'm seeing similar behavior. The job runs on FME Server 2020. At the beginning of the month stops running, some kind of manual intervention occurred (I assume it was my colleague troubleshooting the issue and running the job manually) and the job had run successfully again for another 3-4 weeks.

 

Could you please confirm/deny this could be the case so I can rule out this as a possible cause?

 

Thank you

Hi @honkovam​ ,

 

It could be a similar issue. What authentication are you using in the ArcGIS Portal Feature service Reader/Writer? Are you using a web connection?

 

One thing you can try is extending the OAuth refresh token in your portal. https://enterprise.arcgis.com/en/portal/latest/administer/linux/specify-the-default-token-expiration-time.htm#:~:text=The%20default%20expiration%20time%20is,used%20until%20the%20token%20expires

H
Badge

Hi @honkovam​ ,

 

It could be a similar issue. What authentication are you using in the ArcGIS Portal Feature service Reader/Writer? Are you using a web connection?

 

One thing you can try is extending the OAuth refresh token in your portal. https://enterprise.arcgis.com/en/portal/latest/administer/linux/specify-the-default-token-expiration-time.htm#:~:text=The%20default%20expiration%20time%20is,used%20until%20the%20token%20expires

Hi @siennaatsafe​,

I am using the Generate Token option as Authentication Type (ArcGIS Portal built in user).

Thank you

siennaatsafe
Rank
Badge +9

Hi @honkovam​ ,

 

It could be a similar issue. What authentication are you using in the ArcGIS Portal Feature service Reader/Writer? Are you using a web connection?

 

One thing you can try is extending the OAuth refresh token in your portal. https://enterprise.arcgis.com/en/portal/latest/administer/linux/specify-the-default-token-expiration-time.htm#:~:text=The%20default%20expiration%20time%20is,used%20until%20the%20token%20expires

Hi @honkovam​ ,

 

Thank you for letting me know. I don't believe that this issue would affect you then. This issue is specifically an issue with an OAuth type of connection. The generate token, doesn't require a refresh token. It just gets a new access token each time.

 

You could try changing the expiry of your access tokens to see if that helps https://enterprise.arcgis.com/en/portal/latest/administer/linux/specify-the-default-token-expiration-time.htm#:~:text=The%20default%20expiration%20time%20is,used%20until%20the%20token%20expires

 

Reply


Community Stats

28,670
Posts
109,364
Replies
36,531
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.