Authenticating AGOL for use in QGIS - Part 2

This is part 2 of ArcGIS authentication for use in QGIS. In this post, I will go over how to set up OAuth2 authentication which can then be used to securely connect to your AGOL content/resources in QGIS.

AGOL OAuth2 Authentication

Create new Application

Note: Requires an AGOL account with administrator privledges

  1. Log into your AGOL account.

  2. Go to the Content tab >> Click + New Item >> Select Application

3. In New Item:

  • Application Type: Select Mobile

  • URL: Type in a URL — this URL can be anything (e.g. https://qgis.org)

  • Click Next

  • Title: Give your application a name

  • Folder: select a folder where you want to save the new item

  • Tags and Summary are optional

  • Click Save to finish creating the application item

Registering the Application

  1. Once saved, you’ll see the overview page. Go to Settings

  2. In Settings, scroll down until you see the Credentials section >> Click Register Application

  3. In Register window:

    Redirect URLs:

    • localhost

    • http://127.0.0.1:7070

    • https://127.0.0.1:7070

      Application Environment: Leave as default

  4. Click Register

Once the registration is complete, you will see the application credentials. Locate the two fields: Client ID and Client Secret. You will need these values in the next step for setting up a QGIS Authentication configuration.

Creating QGIS Authentication Configuration

  1. Open QGIS, go to Settings >> Options >> Authentications

  2. Click Add new Authentication Configuration

  3. In the Authentication window:

    • Name: type in a new for your authenticaiton configuration

    • ID: unlock the “Id” field by clicking the little padlock icon, and then enter a standard ID that is a 7 alphanumberic character long (e.g. oglagol). Lock the “id” field once done.

    • Authentication Type: Select OAuth2 Authentication

    • Grant Flow: Select Authorization Code

    • Request URL: https://www.arcgis.com/sharing/rest/oauth2/authorize (could also be your own AGOL, mine is https://opengislab.maps.arcgis.com/sharing/rest/oauth2/authorize)

    • Token URL: https://www.arcgis.com/sharing/rest/oauth2/token

    • Redirect URL: leave as the default http://127.0.0.1:7070

    • Client ID: enter your Client ID from earlier

    • Client Secret: enter your Client Secret from earlier

    • Access Method: leave as default Header

    • Token Header: X-Esri-Authorization

    • Click Save and close out of Settings Options window

Connect Securely to AGOL server

  1. In QGIS, add a new ArcGIS REST server connection via the Browser panel (right click ArcGIS REST Servers>> new Connection) or via the Data Source Manager ( Layer >> Data Source Manager >> ArcGIS Rest Server >> New)

  2. In the New Server Connection window:

    • Name: give a give to your server connection

    • URL: enter your AGOL Server Rest endpoint

    • Community endpoint URL: https://www.arcgis.com/sharing/rest/community or could use your own (e.g. https://opengislab.maps.arcgis.com/sharing/rest/community)

    • Content endpoint URL: https://www.arcgis.com/sharing/rest/content or could use your own (e.g. https://opengislab.maps.arcgis.com/sharing/rest/content)

    • Configurations: Select the authentication configuration file you created earlier (e.g. OGL AGOL OAuth2)

    • Click OK

Once you connection is successful, you can see your AGOL Server in the QGIS Browser Panel. If you expand the Connection, you should see “Groups” and “Services".

  1. Clicking on either Groups or Services will bring up the AGOL sign in page in a web browser

  2. Sign in to your AGOL

NOTE: If you get a timeout error when trying to sign in to your AGOL. Quit and Re-open QGIS and try again.

NOTE: You may get a “Request for Permission” popup. If you do, click Allow.

You should now be able to see and work with your AGOL Groups and Services. Remember that what you can access on the ArcGIS REST server in QGIS is based on your AGOL user account role/privileges.

Here’s is what mine example looks like:

That’s it for this post. As always, thanks for reading. Until next time. :)

Authenticating AGOL For Use In QGIS - Part 1

I often work in a hybrid GIS environment, using both QGIS and ArcGIS/ESRI suite of software.  Most of the time, I use ArcGIS Pro which connects seamlessly to my ArcGIS Online (AGOL) content. However, there are times when I need to connect to my AGOL content from a QGIS desktop environment. It's easy to connect to a public ArcGIS REST server, but what if you want to connect to a private one?  There are a few different ways you can securely connect to an ArcGIS REST server/AGOL. Here I will show you two options: 1) token authentication , 2)  OAuth2 Authentication. The post is written in 2 parts. This is part 1.

AGOL Token Authenication

Generating a token Using Postman

There are several ways you can generate a AGOL token. I easiest and most convenient way I find is to use Postman, a popular API testing tool. You can sign up for a free account.

  1. Go to Postman site, and login or and sign up for a free account

  2. Create a new HTTP request by clicking the + button

  3. Set the following options:

    • Change the HTTP method from GET to POST

    • Set the URL to: https://www.arcgis.com/sharing/generateToken?f=json&referer=https://www.arcgis.com

    • Select the Body and x-www-form-urlencoded

    • Enter 3 Key/Value pairs:

      • username: your AGOL account username

      • password: your AGOL password

      • expiration: 20160

        NOTE: expiration is time in minutes. This is important to specify otherwise the default token expiration time is 60 minutes. Token is valid for ~14 days only - the maximum allowed by AGOL. See ArcGIS REST sharing documentation for more information on generating tokens.

  • Click Send button

4. Note the token and expiration are returned in the Response section. You will use this token in QGIS to securely connect to your AGOL resources. Note that the expiration is given in milliseconds since January 1, 1970 (UTC). If you convert this to a human readable date — it is about 14 days from when the token was generated.

Saving the AGOL Token in QGIS

  1. In QGIS (I am using QGIS 3.34), go to Settings >> Options >> Authentication

  2. In the Authentication Configurations >> Click the Add button

  3. Optional: If you have not setup a master authentication password for QGIS before, then it will prompt you to create one. Do this if needed

  4. In the new Authentication Configuration window:

    • Give a name to your authentication method

    • Select ESRI Token from the drop down list

    • Token: Copy and Paste the token (without quotes) that was generated from Postman

    • Click Save

  5. Click OK to close Settings window

Connecting Securely to ArcGIS Server using the token

  1. Add a new ArcGIS REST server connection via the Browser panel (right click ArcGIS REST Servers>> new Connection) or via the Data Source Manager ( Layer >> Data Source Manager >> ArcGIS Rest Server >> New)

  2. In the new ArcGIS REST Server Connection window:

    • Name your Connection

    • URL: enter the ArcGIS base server resource you want to connect to (eg: arcgis/rest/services or arcgis/rest/services/DemoMap/FeatureServer)

    • Select the token authentication configuration you created earlier

    • Click OK

3. If you are using the Data Source Manager then don’t forget to click the Connect button. If you’re using the Browser panel, then you should also see it listed

After connecting to the ArcGIS server you should be able to see your resource. In my example, here I connected to my base server so I can see my private (DemoMap_WF1) and public (FootprintUHSample, test) Feature Servers.

Tips for adding data to your map

  • Depending on your data, when connecting to the Feature Server you may want to check the option to only request features overlapping the current view extent.

  • Zoom into your AOI first before adding the data may help speed things up if there are a lot of data that’s being called.

Here is an example map using the data from the AGOL Feature Server I just connected to using a token.

This is it for this post. In Part 2 I will go over AGOL OAuth2 Authentication for use QGIS (which I hope to post soon).

Thanks for reading. Until next time.