diff --git a/location-services/connecting-to-a-portal.qmd b/location-services/connecting-to-a-portal.qmd index 1f75e87..6bc7d65 100644 --- a/location-services/connecting-to-a-portal.qmd +++ b/location-services/connecting-to-a-portal.qmd @@ -12,9 +12,6 @@ In order to create content or interact with non-public items in ArcGIS Online or Items in ArcGIS Online and ArcGIS Enterprise can be unshared (accessible only to the item owner) or shared to groups, your organization, or everyone (![](images/sharing-public.png){width=30%}). [Learn more about Sharing here.](https://doc.arcgis.com/en/arcgis-online/share-maps/share-items.htm) Read and write access to an item is controlled by the owner-specified sharing level, organizational security settings, and the accessing user's [privileges](https://doc.arcgis.com/en/arcgis-online/administer/roles.htm). ::: -:::{.callout-warning} -If you modify environment variables or switch the active portal in ArcGIS Pro in the workflows below, you will need to restart your R session before proceeding. -::: ## Authorization with OAuth2 @@ -63,13 +60,16 @@ By default, packages in the `{arcgis}` metapackage are configured to work with A - **`ARCGIS_CLIENT`** and **`ARCGIS_SECRET`** environment variables are used only in the `auth_client()` OAuth2 client flow authorization. See the [article on authorization](https://r-arcgis.github.io/arcgislayers/articles/Authorization.html) for more. -- **`ARCGIS_TOKEN`** is used to fetch a user's access token. These are retrieved using the various `auth_` functions of `arcgisutils` and set using `set_arc_token()`. Alternatively, the `ARCGIS_TOKEN` can be set to an API key. ::: #### Setting your credentials in `.Renviron` Environment variables should _**never**_ be included in your code. Instead, they should be stored in an external environment file such as an `.Renviron` file. To modify your `.Renviron`, you can use the `usethis` package. Ensure it is installed and run the following in your text editor: +:::{.callout-warning} +If you modify environment variables you will need to restart your R session for the change to be registered. +::: + ```r usethis::edit_r_environ() ``` @@ -81,7 +81,7 @@ usethis::edit_r_environ() **User scoped** `.Renviron` files store environment variables in the user's home directory. The environment variables will be available to you in any project you open. However, if you share your project, the environment variables will not be shared with it. ::: -This will open your `.Renviron` file for you to edit. Fill in the environment variables `ARCGIS_CLIENT` and `ARCGIS_SECRET` from the content item you just created. If you are not using ArcGIS Online, ensure that your portal's host is provided to `ARCGIS_HOST`. Additionally, provide your username to `ARCGIS_USER` if you plan to publish or edit existing content. +This will open your `.Renviron` file for you to edit. Fill in the environment variables `ARCGIS_CLIENT` and `ARCGIS_SECRET` from the content item you just created. If you are not using ArcGIS Online, ensure that your portal's host is provided to `ARCGIS_HOST`. Additionally, provide your username to `ARCGIS_USER` if you plan to use username and password authentication. ```bash ARCGIS_CLIENT=your-client-id @@ -143,29 +143,31 @@ token Authorization tokens are temporary and will expire. If you encounter an invalid token error, you might need to generate a new token. ::: -We now need to set this token to the `ARCGIS_SECRET` environment variable. We do this with `set_arc_token()`. +To make this token easily accessible to `{arcgis}`, use `set_arc_token()` which sets the token in dedicated authorization token environment. ```r set_arc_token(token) -#> Token set to environment variable `ARCGIS_TOKEN` ``` #### Client flow -Alternatively, we can authorize using the client OAuth2 flow. This will authorize the application we created and not ourselves. Because of this, we cannot use the client flow to create or modify content. +Alternatively, you can authorize using the client OAuth2 flow. This will authorize the application you created and not ourselves. Because of this, you cannot use the client flow to create or modify content. The client flow has the benefit of being non-interactive, though. ```r token <- auth_client() set_arc_token(token) -#> Token set to environment variable `ARCGIS_TOKEN` ``` ## Authorization with Named User -Authorizing using an ArcGIS Online or ArcGIS Enterprise [username and password](https://developers.arcgis.com/documentation/mapping-apis-and-services/security/user-authentication/) is a legacy method that is supported for cases where OAuth2 is not implemented. As a reminder, credentials should never be stored in plaintext in code. +Authorizing using an ArcGIS Online or ArcGIS Enterprise [username and password](https://developers.arcgis.com/documentation/mapping-apis-and-services/security/user-authentication/direct-username-password/) is a legacy method that is supported for cases where OAuth2 is not implemented. As a reminder, credentials should never be stored in plaintext in code. + +:::{.callout-important} +**Security consideration**: Obtaining an access token with this method will expose the username and password credentials as plain text and could present a potential security risk. +::: ```r token <- auth_user( @@ -175,7 +177,6 @@ token <- auth_user( expiration = 60 ) set_arc_token(token) -#> Token set to environment variable `ARCGIS_TOKEN` ``` ## Authorization with ArcGIS Pro and `{arcgisbinding}` @@ -185,7 +186,6 @@ If you are a user of ArcGIS Pro and have **arcgisbinding** installed, you can us ```r token <- auth_binding() set_arc_token(token) -#> Token set to environment variable `ARCGIS_TOKEN` ``` This method retrieves the token from the *active* portal in ArcGIS Pro. Make sure that you are logged into the intended portal and that it is set as active. If you switch which portal is active in ArcGIS Pro, you will need to restart your R session for the new portal to be recognized by `auth_binding()`.