Clients and trusted services
When integrating components with the Identity Service, you must distinguish between two types of components:
- Clients: Typically browser-based applications that delegate user login to the Identity Service and obtain and forward tokens or cookies from the Identity Service.
- Trusted services: Backend components that receive tokens or cookies from clients and query the Identity Service to validate them and retrieve associated account information.
Clients
Clients are typically web applications that use the Identity Service to initiate user login. They request tokens from the Identity Service and forward them to trusted services when accessing them. Clients can query the Identity Service to determine whether a URL belongs to the trusted services and how they must forward tokens to that service.
map.apps is an example of such a client. map.apps forwards tokens and cookies when querying map services in apps.
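The client-side decision described above (is this URL a trusted service, and how is the token forwarded to it) can be sketched as follows. This is an added example, not code from map.apps or the Identity Service: the shape of the trusted-service list, the `forward` values, the `Authorization: Bearer` header, the `token` query parameter and all host names are assumptions made for illustration.

```javascript
// Constructed sample: the shape of this list is an assumption for the example,
// not the Identity Service's actual response format.
const TRUSTED_SERVICES = [
  { url: "https://gis.example.com/arcgis/rest/services", forward: "header" },
  { url: "https://maps.example.com/geoserver", forward: "query" },
];

// Returns the matching entry, or null when the URL is not a trusted service.
function findTrustedService(requestUrl, services = TRUSTED_SERVICES) {
  let target;
  try {
    target = new URL(requestUrl);
  } catch {
    return null; // unparsable URLs never receive a token
  }
  for (const svc of services) {
    const base = new URL(svc.url);
    if (target.origin !== base.origin) continue; // scheme, host and port must all match
    const prefix = base.pathname.endsWith("/") ? base.pathname : base.pathname + "/";
    // Match on a path segment boundary, so /geoserver-evil does not match /geoserver.
    if (target.pathname === base.pathname || target.pathname.startsWith(prefix)) {
      return svc;
    }
  }
  return null;
}

// Builds the outgoing request; the token is attached only for trusted services.
// Header name and query parameter name are assumptions of this example.
function buildRequest(requestUrl, token, services = TRUSTED_SERVICES) {
  const svc = findTrustedService(requestUrl, services);
  if (!svc) return { url: requestUrl, headers: {}, trusted: false };
  const url = new URL(requestUrl);
  const headers = {};
  if (svc.forward === "header") {
    headers["Authorization"] = `Bearer ${token}`;
  } else if (svc.forward === "query") {
    url.searchParams.set("token", token);
  }
  return { url: url.toString(), headers, trusted: true };
}
```

Comparing the parsed origin and a segment-bounded path, rather than a raw string prefix, keeps tokens away from lookalike hosts and sibling paths.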
Trusted services
Trusted services process tokens or cookies that clients send in service requests. To do this, they validate the token or cookie with the Identity Service and query account information for the associated authenticated user, for example the assigned roles.
Trusted services that receive tokens or cookies typically include services such as ArcGIS Enterprise Server, GeoServer or security.manager OGC. They perform authorization based on the account information received.
A service that uses the Identity Service must be configured as a trusted service so that clients can obtain tokens for that service and forward them to it.
There are also components that can act as both a client and a service, for example map.apps. In addition to the web interface that acts as a client, the product also has backend components that act as a service and evaluate tokens or cookies, for example to authorize access to app configurations.