Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PKI Authentication #162

Open
bchileen opened this issue Mar 6, 2024 · 4 comments
Open

PKI Authentication #162

bchileen opened this issue Mar 6, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@bchileen
Copy link

bchileen commented Mar 6, 2024

Is there any way to support PKI authentication for Portal instances? My organization uses PKI so we are unable to go through OAuth2. Super excited about this work and happy to see it gaining momentum. Thanks!

-BCM
@bchileen bchileen added the enhancement New feature or request label Mar 6, 2024
@JosiahParry
Copy link
Collaborator

No, not yet! It's definitely out of my wheelhouse--and mainly just not documented for the REST API!

Have you tried using auth_user() I suspect it still doesn't work for you.

Will you be using this from a machine that has Pro installed?

🤔

@bchileen
Copy link
Author

bchileen commented Mar 6, 2024

I did try authenticating through Pro with my portal account that required the PKI auth and it couldn't pass the credentials through/make the request. I got the following error:

token <-auth_binding()
set_arc_token(token) publish_layer(FA, "MVRFATEST")
Error in httr2::req_perform():
! HTTP 401 Unauthorized.
Run rlang::last_trace() to see where the error occurred.

rlang::last_trace()
<error/httr2_http_401>
Error in httr2::req_perform():
! HTTP 401 Unauthorized.

Backtrace:

  1. └─arcgislayers::publish_layer(FA, "MVRFATEST")
  2. ├─rlang::inject(add_item(x, title, token = token, !!!adtl_args))
  3. └─arcgislayers::add_item(x, title, token = token)
  4. └─httr2::req_perform(req_body)

I was successful using my AGOL which is OAuth2, my plan was just to point my portal to that layer if I couldn't do a direct host.

@JosiahParry
Copy link
Collaborator

JosiahParry commented Mar 6, 2024
edited
Loading

Interesting! So it looks like the token you got with auth_binding() is valid but you might not have publisher privileges on that portal? 401 tells me that the request went through but the service said 🛑
scratch that, i think you're right.

Would you mind providing a reprex with the auth binding?

Like so:

reprex::reprex({
  library(arcgis)
  token <- auth_binding()
  set_arc_token(token) 
  
  nc <- sf::st_read(system.file("shape", "nc.shp"))
  
  publish_layer(nc, "publish testing")
})

@bchileen
Copy link
Author

bchileen commented Mar 6, 2024 

library(sf)
#> Linking to GEOS 3.11.2, GDAL 3.7.2, PROJ 9.3.0; sf_use_s2() is TRUE
library(arcgis)
#> Attaching core arcgis packages:
#>   - {arcgisutils} v0.2.0
#>   - {arcgislayers} v0.2.0
library(arcgisutils)
library(arcgislayers)
library(reprex)
nc <- st_read(system.file("shape/nc.shp", package="sf"))
#> Reading layer `nc' from data source 
#>   using driver `ESRI Shapefile'
#> Simple feature collection with 100 features and 14 fields
#> Geometry type: MULTIPOLYGON
#> Dimension:     XY
#> Bounding box:  xmin: -84.32385 ymin: 33.88199 xmax: -75.45698 ymax: 36.58965
#> Geodetic CRS:  NAD27
token <-arcgisutils::auth_binding()
##This is pulling from ArcPro Desktop v. 3.2.0 with patch 3.2.2 with a PKI Authenticated portal set as the active portal.
##User role/permissions on the portal are administrator/creator
arcgisutils::set_arc_token(token)
arcgislayers::publish_layer(nc, "nc publish test")
#> Error in `httr2::req_perform()`:
#> ! HTTP 401 Unauthorized.

Created on 2024-03-06 with reprex v2.1.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JosiahParry @bchileen