BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
khandelwalanmol
Fluorite | Level 6

I have been working on calling an API to fetch access token.

Here is my Http code

options set=SSL_USE_SNI="0" set=SSL_SNI_HOSTNAME="sandbox.bcda.cms.gov"  ;
proc http
   		url="https://sandbox.bcda.cms.gov/auth/token" AUTH_BASIC
   		WEBUSERNAME="&client_id."
   		WEBPASSWORD="&client_secret."
   		out=apitoken
   		method="POST";
 		
   		headers "Accept"="application/json";
	run;

Here is the error i have been getting.

ERROR: OpenSSL error 336134278 (0x14090086) occurred in SSL_connect/accept at line 5388, the error message is "error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed".
ERROR: Secure communications error status 807ff008 description "OpenSSL error 336134278 (0x14090086) occurred in SSL_connect/accept
at line 5388, the error message is "error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"."
ERROR: Encryption run-time execution error
ERROR: Call to tcpSockContinueSSL failed.

Any suggestions what could be the possible issue.

1 ACCEPTED SOLUTION

Accepted Solutions
joeFurbee
Community Manager

 Hi @khandelwalanmol,

I'm adding three code blocks to this, one for each grant_type: authorization code, client credentials, and password. You can read more about client registration and creating access tokens in my blog post Authentication to SAS Viya: a couple of approaches. All three grant types are covered in the post.

 

In your original code, I think you were attempting to use the password grant type. While the example I list below will work, please note that this is not secure and is being discouraged for use by the industry. Note that you must declare an authorization grant type when registering a client, so each of these code blocks would require a separate client id.

 

Authorization code

filename out TEMP;
proc http url="https://sasserver.sas.com/SASLogon/oauth/token#authorization_code" 
method="POST" 
in='client_id=sasclient&client_secret=sasclientecret&grant_type=authorization_code&code=Mkm63aVEun'
out=out;
headers "Accept"="application/json";
run;

%put The return code is: &SYS_PROCHTTP_STATUS_CODE.;

data _null_;
infile out;
input;
put _infile_;
run;

Values to update: url, client_id, client_secret, code

 

Client Credentials

code sample from this thread

filename resp temp;

/* must include content-type/CT= option */
proc http 
 url="https://serviceaddress/oauth/access_token"
 in='grant_type=client_credentials&client_id=XXXXXXXX&client_secret=YYYYYYYY' 
 ct="application/x-www-form-urlencoded"
 out=resp
 method='POST'
;
run;

Values to update: url, client_id, client_secret

 

Password

code sample from this thread

filename out TEMP;
proc http url="https://sasserver.sas.com/SASLogon/oauth/token#password" 
method="POST" 
auth_basic
Webusername="client_id"
webpassword="client_secret"
in='grant_type=password&username=viya_user&password=viya_password'
out=out;
headers "Accept"="application/json";
run;

%put return code is: &SYS_PROCHTTP_STATUS_CODE.;

data _null_;
infile out;
input;
put _infile_;
run;

Values to update: url, Webusername, Webpassword

 

Hope this helps,

Joe


Join us for SAS Community Trivia
SAS Bowl XLVI, Causal Analysis
Wednesday, December 18, 2024, at 10 a.m. ET | #SASBowl

View solution in original post

4 REPLIES 4
joeFurbee
Community Manager

Hi @khandelwalanmol,

Sorry for the delay. I just saw this question. Let me take a look in my environment and see if I can get it to work.


Join us for SAS Community Trivia
SAS Bowl XLVI, Causal Analysis
Wednesday, December 18, 2024, at 10 a.m. ET | #SASBowl

joeFurbee
Community Manager

 Hi @khandelwalanmol,

I'm adding three code blocks to this, one for each grant_type: authorization code, client credentials, and password. You can read more about client registration and creating access tokens in my blog post Authentication to SAS Viya: a couple of approaches. All three grant types are covered in the post.

 

In your original code, I think you were attempting to use the password grant type. While the example I list below will work, please note that this is not secure and is being discouraged for use by the industry. Note that you must declare an authorization grant type when registering a client, so each of these code blocks would require a separate client id.

 

Authorization code

filename out TEMP;
proc http url="https://sasserver.sas.com/SASLogon/oauth/token#authorization_code" 
method="POST" 
in='client_id=sasclient&client_secret=sasclientecret&grant_type=authorization_code&code=Mkm63aVEun'
out=out;
headers "Accept"="application/json";
run;

%put The return code is: &SYS_PROCHTTP_STATUS_CODE.;

data _null_;
infile out;
input;
put _infile_;
run;

Values to update: url, client_id, client_secret, code

 

Client Credentials

code sample from this thread

filename resp temp;

/* must include content-type/CT= option */
proc http 
 url="https://serviceaddress/oauth/access_token"
 in='grant_type=client_credentials&client_id=XXXXXXXX&client_secret=YYYYYYYY' 
 ct="application/x-www-form-urlencoded"
 out=resp
 method='POST'
;
run;

Values to update: url, client_id, client_secret

 

Password

code sample from this thread

filename out TEMP;
proc http url="https://sasserver.sas.com/SASLogon/oauth/token#password" 
method="POST" 
auth_basic
Webusername="client_id"
webpassword="client_secret"
in='grant_type=password&username=viya_user&password=viya_password'
out=out;
headers "Accept"="application/json";
run;

%put return code is: &SYS_PROCHTTP_STATUS_CODE.;

data _null_;
infile out;
input;
put _infile_;
run;

Values to update: url, Webusername, Webpassword

 

Hope this helps,

Joe


Join us for SAS Community Trivia
SAS Bowl XLVI, Causal Analysis
Wednesday, December 18, 2024, at 10 a.m. ET | #SASBowl

AllanBowe
Barite | Level 11

I didn't realise the OP was referring to Viya

 

But if so, there are some ready made macros in SASjs for client registration, authentication & refresh:

 

https://core.sasjs.io/mv__registerclient_8sas.html 

https://core.sasjs.io/mv__tokenauth_8sas.html

https://core.sasjs.io/mv__tokenrefresh_8sas.html 

/Allan
SAS Challenges - SASensei
MacroCore library for app developers
SAS networking events (BeLux, Germany, UK&I)

Data Workflows, Data Contracts, Data Lineage, Drag & drop excel EUCs to SAS 9 & Viya - Data Controller
DevOps and AppDev on SAS 9 / Viya / Base SAS - SASjs
joeFurbee
Community Manager

Hi @khandelwalanmol

I wanted to check if you were able to attempt the suggestions made in the replies to your post. If you have further issues, please let us know; otherwise, you can mark the thread as resolved.

 

Thanks,

Joe


Join us for SAS Community Trivia
SAS Bowl XLVI, Causal Analysis
Wednesday, December 18, 2024, at 10 a.m. ET | #SASBowl

SAS Innovate 2025: Register Now

Registration is now open for SAS Innovate 2025 , our biggest and most exciting global event of the year! Join us in Orlando, FL, May 6-9.
Sign up by Dec. 31 to get the 2024 rate of just $495.
Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

SAS Training: Just a Click Away

 Ready to level-up your skills? Choose your own adventure.

Browse our catalog!

Discussion stats
  • 4 replies
  • 1413 views
  • 2 likes
  • 3 in conversation