I am migrating a 3.x Enterprise ArcGIS Server Javascript application to 4.x. The application adds secured FeatureLayer layers to the map using a service token that was generated by a separate process.
In the 3.x application, this token was simply passed in the "token" query string parameter, like this:
new esri.layers.FeatureLayer("https://blahblah/MapServer/1?token=abc123");
However, in 4.x (JavaScript SDK), this is deprecated and it seems they want the token to be passed inside an "X-Esri-Authentication" Bearer token (HTTP header), as described in the documentation here:
https://enterprise.arcgis.com/en/server/latest/administer/windows/about-arcgis-tokens.htm
The issue I'm having is that I don't see a way to actually add that header. All the documentation talks about using EsriRequest, which is not what I'm doing here.
I tried to use the IdentityManager like this:
IdentityManager.registerToken({
server: "https://example.com/bar/rest/services",
token: "<the generated token string here>"
});
...and this doesn't throw any errors, but it doesn't do anything else, either. To be sure, I captured the traffic with Fiddler and searched for the token and the token wasn't found anywhere for the above code snippet.
I've found a few community posts from people asking this same question, as well as some older questions here on StackOverflow (but those are old enough where people just suggest adding the "token" to the query string). The documentation simply doesn't cover this very well, so has anyone done this specific setup yet?
