topic Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs in Developers

Postman Pre-Request Authorization Script to access SAS VIYA APIs

WaelAburezeq — Mon, 08 Jun 2020 09:34:38 GMT

Hi folks,

I am referring to a Webinar published on 6th of May titled "Using SAS® APIs" at this URL: https://www.sas.com/en_us/webinars/using-sas-apis.html

I downloaded the PostMan json file and imported it, I am much concerned about Create CAS Session --> Pre-request Scripts. What do these three variables , in the following script, refer to:

Variable #1: "token_url": Is this the URL used to access SAS? or the Client.Token?

Variable #2: "encoded_id_secret" Is this the client.token, client_id, client_secret; or What???

Variable #3: "OAUTH_USERNAME" Is this the LDAP username that already have access to SAS VIYA?

pm.sendRequest({
    url: pm.environment.get("token_url")+"/SASLogon/oauth/token",
    method: 'POST',
    header: {
        'Authorization': 'Basic '+ pm.environment.get("encoded_id_secret"),
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: {
          mode: 'urlencoded',
          urlencoded: [
            {key: "grant_type", value: "password", disabled: false},
            {key: "username", value: pm.environment.get("OAUTH_USERNAME"), disabled: false},
            {key: "password", value: pm.environment.get("OAUTH_PASSWORD"), disabled: false}
        ]
    }
  }, function (err, res) {
        pm.environment.set("authToken", res.json().access_token);
});

Thank you,

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

AllanBowe — Mon, 08 Jun 2020 09:50:44 GMT

Variable 1 (token_url) -> this is simply the url of your SAS Viya Server. If you are running directly on Viya, this would / could be "localhost. Postman just needs to be able to find "/SASLogon" here.

Variable 2 (encoded_id_secret) - this is the base64 encoded output from "${CLIENT_ID}:${CLIENT_SECRET}" (Basic Authentication). So, client_id + ":" + client_secret, base64 encoded. There are online generators to help you create this, eg: https://www.blitter.se/utils/basic-authentication-header-generator/

Variable 3 (OAUTH username / password) - this is the regular username / password you use to log into Viya.

Hope this helps. By the way, this approach (with embedded username / password) is known as "implicit" flow. The alternative (authorization_code) is quite similar - this article may help: https://communities.sas.com/t5/SAS-Communities-Library/Token-Management-in-HTML5-Viya-Apps/ta-p/652388

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

WaelAburezeq — Mon, 08 Jun 2020 10:02:05 GMT

Thank you Allan for your prompt response, it is highly appreciated.

One more clarification, I already registered the client and assigned a client secret using this script:

curl -X POST "https://localhost/SASLogon/oauth/clients" \ 
      -H "Content-Type: application/json" \ 
      -H "Authorization: Bearer $access_token" \ 
       -d '{ "client_id": "app", "client_secret": "cs123secret", "scope": ["openid"], "authorized_grant_types": ["password"], "access_token_validity": 43199 }'

$access_token is coming from a script executed based on client.token file in SAS server.

My question is with regards to the variable #2: encoded_id_secret Should I just define it as app:cs123secret and it will generate the token that I will use the get method later to continue with?

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

AllanBowe — Mon, 08 Jun 2020 10:15:47 GMT

You should take the "app" and "cs123secret" and base64 encode (eg using a site like this - https://www.blitter.se/utils/basic-authentication-header-generator/) and use the result, eg: "YXBwOmNzMTIzc2VjcmV0" in your variable.

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

WaelAburezeq — Tue, 09 Jun 2020 21:29:43 GMT

Hi Allan,

There is one final thing as follow:

I am able to a get an access token anytime using this command on shell

curl -k -X POST "https://aeadsaswf01-afs.adfca.ae/SASLogon/oauth/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password&username=wael.k.aburizq&password=Password1" \
-u "mysasclient:Mysecret"

However, this postman pre-request script is not working knowing that "bXlzYXNjbGllbnQ6TXlzZWNyZXQ=" is coming from basic-authentication-header-generator for the above client_id and secret in the "u"

pm.sendRequest({
    url: "https://aeadsaswf01-afs.adfca.ae/SASLogon/oauth/token",
    method: 'POST',
    header: {
        'Authorization': 'Basic '+ "bXlzYXNjbGllbnQ6TXlzZWNyZXQ=",
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: {
          mode: 'urlencoded',
          urlencoded: [
            {key: "grant_type", value: "password", disabled: false},
            {key: "username", value: pm.environment.get("OAUTH_USERNAME"), disabled: false},
            {key: "password", value: pm.environment.get("OAUTH_PASSWORD"), disabled: false}
        ]
    }
  }, function (err, res) {
        pm.environment.set("authToken", res.json().access_token);
});

The error is:

There was an error in evaluating the Pre-request Script: Error: Unexpected token u in JSON at position 0

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

AllanBowe — Tue, 09 Jun 2020 22:15:28 GMT

Strange. I wonder if there's something preventing implicit flow in your Environment Manager setup.

If you have the admin rights, you could get yourself a token using SASStudioV, just step through the following:

/*compile macros from macrocore library (or download and run seperately) */
filename mc url "https://raw.githubusercontent.com/macropeople/macrocore/master/mc_all.sas?_=3";
%inc mc;

/* register new client with random cliend_id & secret */
%mv_registerclient()

/* take the link from the log above, and open it in a browser */
/* then paste the auth code in the macro below and run it */
 %mv_tokenauth(code=LD39EpalOf)

This will give you an access_token and refresh_token suitable for an authorization_code approach as described here: https://communities.sas.com/t5/SAS-Communities-Library/Token-Management-in-HTML5-Viya-Apps/ta-p/652388

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

WaelAburezeq — Wed, 10 Jun 2020 06:53:24 GMT

I see,

but the idea behind is that I will embed a REST API for a ML model into one of the local systems. This API needs an access token before it is executed, so I need to keep passing active tokens in the requests.

I hope I was able to make it more clear now

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

joeFurbee — Wed, 10 Jun 2020 12:51:48 GMT

@WaelAburezeq,

Can you provide the results of the "Code" output from Postman and the Postman Console contents for this call?

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

WaelAburezeq — Wed, 10 Jun 2020 14:05:09 GMT

This is the result from Postman, I just want to highlights some points:

1- The URL variable won't work unless it is added to current not only initial value in the environment variable.

2- Switching SSL off in the settings

Here is the output results, it also set the access id token <authToken> environment variable as per the code.

curl --request POST 'https://aeadsaswf01-afs.adfca.ae/casManagement/servers/cas-shared-default/sessions' \
--header 'Content-Type: application/vnd.sas.cas.session+json' \
--header 'Authorization: Bearer eyJhb...............'

The output console:

Host name is mandatory (although it is not mentioned in the code above), I chose to set it manually.

Request Headers

Content-Type: application/vnd.sas.cas.session+json

Authorization: Bearer eyJh...........

User-Agent: PostmanRuntime/7.25.0

Accept: */*

Host: aeadsaswf01-afs.adfca.ae

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Content-Length: 0

Re: Postman Pre-Request Authorization Script to access SAS VIYA APIs

joeFurbee — Wed, 29 Jul 2020 14:30:31 GMT

Hi @WaelAburezeq,

Were you ever able to get the pre-req script to run? I copied the JSON you provided in an earlier comment and was able to get an access token. Perhaps there is a stray character in your pm.sendRequest JSON that is causing the ' Error: Unexpected token u in JSON at position 0' error. The 'u' in the error represents undefined, which normally indicates a parsing error with the JSON code.

Thanks,

Joe