We have a service on a secure server. It's available through a proxy; the service layers from the proxy can be added to an ArcGIS Online map and viewed, but not edited. It throws an error message saying they are not edittable because they are not available for arcgis.com. It's the same when I try to use the service directly – I get prompted for password, but I still can't edit.
Documentation seems to suggest trusting the service to bypass the proxy. However, all we have achieved yet was to avoid being prompted for password – however, there's no authentication working, so we can't get to the service neither. What are we missing?
The service supports CORS and allows our arcgis.com account (Access-Control-Allow-Origin: organization.maps.arcgis.com). After logging into the original server through REST API, I could add few features, so the REST endpoint is fully working.
EDIT: we use basic (HTTP Basic Auth or Web-Tier authentication), not token-based authentication. Sorry for not mentioning it in the beginning.
Best Answer
I have done this in the past, but I authenticated the secured service from our own server on the ArcGIS Online side. In my case, I just needed a single Feature Service to be used in an AGOL app. Not quite the same workflow, but it worked. Here are the steps I followed:
Once it has uploaded and shared, all requests to the service will start with
http://utility.arcgis.com/usrsvcs/servers/. I believe this is acting as a proxy on AGOL to communicate with the secured service.And it even shows as logged in at the REST endpoint on AGOL with the credentials you provided:
You should now be able to publicly consume and edit this in an AGOL app.