Updated the vanilla JS demo.

demos/oauth2-browser/.gitignore

@@ -0,0 +1 @@
+config.js

demos/oauth2-browser/README.md

@@ -0,0 +1,12 @@
+# ArcGIS Rest JS / Vanilla JS Demo
+
+This demo uses Vanilla JS to implement OAuth2 using
+the `arcgis-rest-js` libraries.
+
+## Running this demo
+1. Like all the other demo apps, run `npm run bootstrap` in the root directory.
+1. Register a new application using [https://developers.arcgis.com](https://developers.arcgis.com).
+1. Add a redirect URL of `http://localhost:8080` to your new app.
+1. Either copy the `config.js.template` file and rename it to `config.js` with your own ClientID or supply it in the prompt when the app is launched.
+1. Run `npm start` to spin up the development server.
+1. Visit [http://localhost:8080](http://localhost:8080).

demos/oauth2-browser/authenticate.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>ArcGIS Rest JS Vanilla JS</title>
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
+    <link rel="stylesheet" href="./style.css">
+  </head>
+  <body>
+    <script src="node_modules/@esri/arcgis-rest-request/dist/umd/arcgis-rest-request.umd.js"></script>
+    <script src="node_modules/@esri/arcgis-rest-auth/dist/umd/arcgis-rest-auth.umd.js"></script>
+    <script>
+      // in a production app, clientID would be hardcoded. we're uusing a regex so that developers can pass one in at runtime.
+      const match = window.location.href.match(
+        /clientID=(.+)#/
+      );
+      const clientId = match[1];
+      let session;
+      function processAuthentication() {        
+        window.location.href = '/';
+        session = arcgisRest.UserSession.completeOAuth2({
+          clientId,
+        });
+        localStorage.setItem('__ARCGIS_REST_USER_SESSION__', session.serialize());
+      }
+      processAuthentication();
+    </script>
+  </body>
+</html>

demos/oauth2-browser/config.js.template

@@ -0,0 +1,6 @@
+/*
+You can generate your own clientid by creating an application on the ArcGIS for Developers site. Be sure to add http://localhost:8080/ as a redirect uri for your application
+
+once you have a clientid of your own, copy/paste it here and rename this file 'config.js'
+*/
+const clientId = "abc123"

demos/oauth2-browser/index.html

@@ -0,0 +1,201 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>ArcGIS REST JS Browser OAuth2</title>
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
+    <link rel="stylesheet" href="./style.css">
+  </head>
+  <body>
+    <div id="app-wrapper">
+      <div class="jumbotron">
+        <div class="container">
+          <div id="page-header" class="row">
+            <div id="logo-container" class="col-sm-3">
+              <img id="logo" src="./logo.svg">
+            </div>
+            <div class="col-sm-9">
+              <h2>
+                ArcGIS REST JS Browser OAuth2
+              </h2>
+              <p>
+                An application demonstrating browser-based named user login.
+              </p>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div class="container">
+        <div class="row">
+          <div class="col-xs-12">
+            <div id="clientIdGroup" class="form-group">
+              <label class="control-label">ClientID</label>
+              <!-- This is input required for the app. -->
+              <input
+                id="clientId"
+                type="text"
+                class="form-control"
+                placeholder="Client ID"
+              >
+            </div>
+            <p class="help-block">
+              You can generate your own clientid by creating an application on the
+              <a target='_blank' href='https://developers.arcgis.com/documentation/core-concepts/security-and-authentication/browser-based-user-logins/'>
+                ArcGIS for Developers
+              </a>
+              website. Be sure to add
+              <code id="redirect_uri">
+                <!-- Redirect URI will be injected here. -->
+              </code>
+              as a redirect uri for your application.
+            </p>
+          </div>
+        </div>
+        <div class="row">
+          <div class="col-xs-6">
+            <!-- Event listeners will be added to these buttons. -->
+            <button class="btn btn-primary btn-block" id='withPopupButton'>Sign In (with popup)</button>
+          </div>
+          <div class="col-xs-6">
+            <button class="btn btn-primary btn-block" id='inlineRedirectButton'>Sign In (inline redirect)</button>
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="col-xs-12 text-center">
+            <p id="sessionInfo" class="info-panel">
+              <!-- Information will be injected here. -->
+            </p>
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="col-xs-3">
+          </div>
+          <div class="col-xs-6 text-center">
+            <!-- Event listeners will be added to these buttons. -->
+            <button class="btn btn-primary btn-block btn-warning" id='signOutButton'>Sign Out</button>
+          </div>
+          <div class="col-xs-3">
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <!-- pull clientid from config.js if present -->
+    <script src="config.js"></script>
+    <script src="node_modules/@esri/arcgis-rest-request/dist/umd/arcgis-rest-request.umd.js"></script>
+    <script src="node_modules/@esri/arcgis-rest-auth/dist/umd/arcgis-rest-auth.umd.js"></script>
+    <script>
+      // Define a global session variable.
+      let session = null;
+
+      // Check to see if there is a serialized session in local storage.
+      const serializedSession = localStorage.getItem('__ARCGIS_REST_USER_SESSION__');
+      if (serializedSession !== null && serializedSession !== "undefined") {
+        // If there is a serialized session, parse it and create a new session object.
+        let parsed = JSON.parse(serializedSession);
+        // Cast the tokenExpires property back into a date.
+        parsed.tokenExpires = new Date(parsed.tokenExpires);
+        // Create the new session object.
+        session = new arcgisRest.UserSession(parsed);
+        // console.log(session);
+        // Update the UI.
+        document.getElementById('clientId').value = session.clientId;
+
+        // Clear the previous session.
+        localStorage.removeItem('__ARCGIS_REST_USER_SESSION__');
+      }
+
+      // Define the variable used for the redirect uri.
+      const redirect_uri = `${window.location.origin}${window.location.pathname}`;
+      // Inject that value into the page text.
+      document.getElementById('redirect_uri').innerHTML = redirect_uri;
+
+      // Function to check that a client id is present.
+      function requireClientId() {
+        // Pull out the client id. 
+        if (document.getElementById('clientId').value !== "") {
+          clientId = document.getElementById('clientId').value
+        }
+
+        // if a clientId is not provided via config.js or entered manually, return false
+        if (!clientId) {
+          document.getElementById('clientIdGroup').classList.add('has-error');
+          return false;
+        }
+        // Otherwise return true and clear any errors.
+        document.getElementById('clientIdGroup').classList.remove('has-error');
+        return true;
+      }
+
+      // Attach a listener to validate the client id on change.
+      document.getElementById('clientId').addEventListener('input', (event) => {
+        requireClientId();
+      });
+
+      // Function to update the UI with session info.
+      function updateSessionInfo(session) {
+        let sessionInfo = document.getElementById('sessionInfo')
+        if (session) {
+          sessionInfo.classList.remove('bg-info');
+          sessionInfo.classList.add('bg-success');
+          sessionInfo.innerHTML = `Logged in as ${session.username}.`;
+          localStorage.setItem('__ARCGIS_REST_USER_SESSION__', session.serialize());
+        } else {
+          sessionInfo.classList.remove('bg-success');
+          sessionInfo.classList.add('bg-info');
+          sessionInfo.innerHTML = 'Log in using one of the methods above to start a session.';
+        }
+      }
+
+      // Call the function on page load to set current state.
+      updateSessionInfo(session);
+
+      // Attach a listener to the sign in buttons.
+      document.getElementById('withPopupButton').addEventListener('click', (event) => {
+        event.preventDefault();
+        if (requireClientId()) {
+
+          // Begin an OAuth2 login using a popup.
+          arcgisRest.UserSession.beginOAuth2({
+            clientId,
+            redirectUri: `${redirect_uri}authenticate.html?clientID=${clientId}`,
+            popup: true,
+          }).then((newSession) => {
+            // Upon a successful login, update the session with the new session.
+            session = newSession;
+            console.log(session);
+            updateSessionInfo(session);
+          }).catch(error => {
+            console.log(error);
+          });
+        }
+      });
+
+      // Attach a listener to the sign in buttons.
+      document.getElementById('inlineRedirectButton').addEventListener('click', (event) => {
+        event.preventDefault();
+        if (requireClientId()) {
+          // let clientId = document.getElementById('clientId').value || configClientId;
+          // Begin an OAuth2 login without a popup.
+          arcgisRest.UserSession.beginOAuth2({
+            clientId,
+            redirectUri: `${redirect_uri}authenticate.html?clientID=${clientId}`,
+            popup: false,
+          });
+        }
+      });
+
+      // Attach a listener to the sign in buttons.
+      document.getElementById('signOutButton').addEventListener('click', (event) => {
+        event.preventDefault();
+
+        // Clear the previous session.
+        session = null;
+        localStorage.removeItem('__ARCGIS_REST_USER_SESSION__');
+        updateSessionInfo();
+      });
+    </script>
+  </body>
+</html>

demos/oauth2-browser/style.css

@@ -0,0 +1,36 @@
+html, body {
+  width: 100%;
+  height: 100%;
+}
+
+.row {
+  margin-bottom: 25px;
+}
+
+.jumbotron {
+  padding-top: 0px;
+  padding-bottom: 0px;
+}
+
+#logo-container {
+  display: flex;
+  justify-content: center;
+  align-content: center;
+}
+#logo {
+  width: 125px;
+  height: 125px;
+  padding: 12.5px;
+}
+
+.info-panel{
+  padding: 15px;
+}
+
+.loading-table {
+  width: 100%;
+  height: 150px;
+  display: flex;
+  align-content: center;
+  justify-content: center;
+}