BookmarkSubscribeRSS Feed
Community Manager

Developers_Lightbulb-Two-Color.pngI wanted to bring to your attention a couple of changes for SAS Viya 2023.1 concerning the use of the Consul token in client registration and the scopes and authorities attributes. I've updated my blog post Authentication to SAS Viya: a couple of approaches, which provides more details and examples. I've also updated the Python notebook script that registers a client and generates an access token.


This is a welcome change, as SAS admins no longer need SAS Viya server access to register a client.


Consul Token

The use of the SAS Configuration Server (Consul) token is no longer required to generate an access token for use in client (application) registration. Rather, a user in the SASAdministrators group can generate the token. See the blog post reference above for detailed commands.


Scopes and Authorities

The changes for scopes and authorities attributes in client registration now closely align with OpenID Connect standards.



The list of scopes allows for the client to obtain on behalf of users, when using any grant type other than “client_credentials”. For most SAS Viya APIs, “openid” and “uaa.user” are sufficient. Previously, SAS user groups were listed under scopes. Now, user groups are handled under the authorities parameter. Please note however, that the SASAdministrators group is still handled under scopes. This was done so that a user must opt-in to SASAdministrators when getting an authorization code.


For client applications that only use the grant type “client_credentials” and therefore do not act on behalf of users, use the default scope “uaa.none”.

Grant Type Recommended Values
authorization_code openid, uaa.user, (SASAdministrators in some cases)
password openid, uaa.user, (SASAdministrators in some cases)
client_credentials uaa.none



For use with "client credentials" grant type.  Authorities specify the SAS groups the tokens inherit. For “authorization_code” and “password” grants, all SAS user groups are assumed and included. You do not pass the authorities attribute when using authorization_code or password grant types.


Grant Type Recommended Values
client_credentials Explicit SAS user groups



If you have further questions, please put them in the Comments section and we'll get back to you.


Join us for SAS Community Trivia
SAS Bowl XXXVIII, SAS Programming: Getting Started
Wednesday, February 14, 2024, at 10 a.m. ET | #SASBowl


Don't miss out on SAS Innovate - Register now for the FREE Livestream!

Can't make it to Vegas? No problem! Watch our general sessions LIVE or on-demand starting April 17th. Hear from SAS execs, best-selling author Adam Grant, Hot Ones host Sean Evans, top tech journalist Kara Swisher, AI expert Cassie Kozyrkov, and the mind-blowing dance crew iLuminate! Plus, get access to over 20 breakout sessions.


Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 0 replies
  • 1 in conversation