topic Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt in Developers

Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analytics

eneidam — Tue, 12 Jul 2022 21:52:32 GMT

I'm trying to create a front end html page which contains a form to collect information necessary to submit a JES job. The form contains dynamically generated select lists based on lookup tables stored in CAS. The oauth "client_credentials" flow works fine when executed in SAS Studio, but fails to get a valid session id when running the same job html within a web content object in Visual Analytics. It seems the session information returned from the request is different depending on where the job's html is run. In SAS Studio, a single session id is returned and works fine. In VA, a collection is returned and I'm trying to get a session id, but the id is not valid for any downstream data requests.

The code used to get the session Id with a valid access token (Viya 3.5):

async function getCASSession(accessToken) { // Define request header object var reqHeader = new Headers(); reqHeader.append("Authorization", "Bearer " + accessToken); reqHeader.append("Content-Type", "application/vnd.sas.cas.session+json"); reqHeader.append("Accept", "application/json"); // Fetch the session id with a valid access token try { const response = await fetch('https://MyReportServer/casManagement/servers/cas-shared-default/sessions', { method: 'GET', headers: reqHeader }); // Test the fetch response if (!response.ok) { const message = `Fetch error with status code: ${response.status}`; throw new Error(message); } // Process and return the response const sessionData = await response.json(); // The session id may be returned in a collection when running inside VA if (sessionData.id === undefined) { var sessionId = sessionData.items[0].id; } else { var sessionId = sessionData.id; } // Log out data and session id // console.log(sessionData); console.log(`The session identifier is: ${sessionId}`); // Return the session id return sessionId; // Trap errors in the fetched data } catch (err) { console.log(`Error: Could not acquire the CAS session. ${err}`); } } // end getCASSession

In SAS Studio a single session id is returned as is used for subsequent api calls to get data.

In VA a collection is returned but the session is not valid when trying to use it.

{
  "error": "Unknown session.",
  "code": "SessionUnknown",
  "details": "59f4b7eb-c000-2e49-8b02-f4b3fcde3b51",
  "disposition": null
}

Any insight or help would be much appreciated.

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

joeFurbee — Wed, 13 Jul 2022 19:49:27 GMT

Hi @eneidam,

When you're running the form from within JES web app or SAS Studio, you're connecting directly to SAS and hence there's only one session id. When you move to the web content VA object, you're now considered outside and multiple session ids are created when calling the html form. So you get a collection on sessions back instead of one.

One thing to try is to create the session yourself and then use that session id. In the JavaScript code you presented you do a GET on

/casManagement/servers/cas-shared-default/sessions

If you change the GET to a POST, you'll create a session. Could you try that? Then capture the session id created and use it in your subsequent calls to CAS?

I hope this helps. Let me know the results and we'll proceed from there.

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

eneidam — Wed, 13 Jul 2022 21:07:51 GMT

Hi Joe,

Using the post to create a new session was my original path. I tried again from scratch, going back to Postman to check to see that everything was working OK. I'm able to create and use a session outside of VA. I get an http 403 error on the create session request when trying to run the same code when the job's web page is launched inside of VA. As a side note, once the error occurs, I cannot go back into SAS Studio and run the job again. The session request hits an http 403 error again. I must log off completely to clear and start over again.

Thanks,

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

joeFurbee — Thu, 14 Jul 2022 02:08:12 GMT

Thanks for the info, Ed. I'll run your scenario by a few VA SMEs and see what they say / recommend.

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

eneidam — Wed, 20 Jul 2022 19:43:30 GMT

I've tried all 3 authentication flows: password, client credentials and auth code. I could get all working OK in SAS Studio and the JobExecution web app. No go if trying to run the job form in VA. Opening a track with support.

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

Mickey_SAS — Tue, 23 Aug 2022 17:49:50 GMT

I worked with Ed on this one through a support ticket. The 403 errors were due to CSRF protections on the microservice, as the service was then expecting a CSRF token for the POST request. To allow the call to work, it was necessary to modify the code a bit to retrieve a CSRF token from /casManagement via a HEAD request, and then include it on the subsequent POST request to the same endpoint. The code snippet added was below.

const csrfResponse = await fetch('/casManagement', {

method: 'HEAD'

});

// Test the fetch response

if (!csrfResponse.ok) {

const message = `Fetch error with status code: ${csrfResponse.status}`;

throw new Error(message);

}

var csrfToken = csrfResponse.headers.get("X-CSRF-TOKEN");

// Define request header object

var reqHeader = new Headers();

reqHeader.append("Authorization", "Bearer " + accessToken);

reqHeader.append("Content-Type", "application/vnd.sas.cas.session+json");

reqHeader.append("Accept", "application/vnd.sas.cas.session+json");

reqHeader.append("X-CSRF-TOKEN", csrfToken );

// Fetch the session id with a valid access token

try {

const response = await fetch('/casManagement/servers/cas-shared-default/sessions', {

method: 'POST',

headers: reqHeader,

redirect: 'follow'

});

......