Solved: Getting a reliable Oauth2 session id for JES front end html page runni...

eneidam · Posted 07-12-2022 04:07 PM

I'm trying to create a front end html page which contains a form to collect information necessary to submit a JES job. The form contains dynamically generated select lists based on lookup tables stored in CAS. The oauth "client_credentials" flow works fine when executed in SAS Studio, but fails to get a valid session id when running the same job html within a web content object in Visual Analytics. It seems the session information returned from the request is different depending on where the job's html is run. In SAS Studio, a single session id is returned and works fine. In VA, a collection is returned and I'm trying to get a session id, but the id is not valid for any downstream data requests.

The code used to get the session Id with a valid access token (Viya 3.5):

async function getCASSession(accessToken) {
    // Define request header object
    var reqHeader = new Headers();
        reqHeader.append("Authorization", "Bearer " + accessToken);
        reqHeader.append("Content-Type", "application/vnd.sas.cas.session+json");            
        reqHeader.append("Accept", "application/json");
       

        // Fetch the session id with a valid access token
        try {
            const response = await fetch('https://MyReportServer/casManagement/servers/cas-shared-default/sessions', {
                method: 'GET', 
                headers: reqHeader
            });

            // Test the fetch response
            if (!response.ok) {
                const message = `Fetch error with status code: ${response.status}`;
                throw new Error(message);
            }

            // Process and return the response
            const sessionData = await response.json();

            // The session id may be returned in a collection when running inside VA
            if (sessionData.id === undefined) {
                var sessionId = sessionData.items[0].id;               
            } else {
                var sessionId = sessionData.id; 
            }
            // Log out data and session id
            // console.log(sessionData);
            console.log(`The session identifier is: ${sessionId}`);

            // Return the session id
            return sessionId;

        // Trap errors in the fetched data
        } catch (err) {
        console.log(`Error: Could not acquire the CAS session. ${err}`);
        }

} // end getCASSession

In SAS Studio a single session id is returned as is used for subsequent api calls to get data.

In VA a collection is returned but the session is not valid when trying to use it.

{
  "error": "Unknown session.",
  "code": "SessionUnknown",
  "details": "59f4b7eb-c000-2e49-8b02-f4b3fcde3b51",
  "disposition": null
}

Any insight or help would be much appreciated.

Mickey_SAS · Posted 08-23-2022 01:49 PM

I worked with Ed on this one through a support ticket. The 403 errors were due to CSRF protections on the microservice, as the service was then expecting a CSRF token for the POST request. To allow the call to work, it was necessary to modify the code a bit to retrieve a CSRF token from /casManagement via a HEAD request, and then include it on the subsequent POST request to the same endpoint. The code snippet added was below.

const csrfResponse = await fetch('/casManagement', {

method: 'HEAD'

});

// Test the fetch response

if (!csrfResponse.ok) {

const message = `Fetch error with status code: ${csrfResponse.status}`;

throw new Error(message);

}

var csrfToken = csrfResponse.headers.get("X-CSRF-TOKEN");

// Define request header object

var reqHeader = new Headers();

reqHeader.append("Authorization", "Bearer " + accessToken);

reqHeader.append("Content-Type", "application/vnd.sas.cas.session+json");

reqHeader.append("Accept", "application/vnd.sas.cas.session+json");

reqHeader.append("X-CSRF-TOKEN", csrfToken );

// Fetch the session id with a valid access token

try {

const response = await fetch('/casManagement/servers/cas-shared-default/sessions', {

method: 'POST',

headers: reqHeader,

redirect: 'follow'

});

......

View solution in original post

joeFurbee · Posted 07-13-2022 03:49 PM

Hi @eneidam,

When you're running the form from within JES web app or SAS Studio, you're connecting directly to SAS and hence there's only one session id. When you move to the web content VA object, you're now considered outside and multiple session ids are created when calling the html form. So you get a collection on sessions back instead of one.

One thing to try is to create the session yourself and then use that session id. In the JavaScript code you presented you do a GET on

/casManagement/servers/cas-shared-default/sessions

If you change the GET to a POST, you'll create a session. Could you try that? Then capture the session id created and use it in your subsequent calls to CAS?

I hope this helps. Let me know the results and we'll proceed from there.

Join us for SAS Community Trivia
SAS Bowl XL, SAS Innovate 2024 Recap
Wednesday, May 15, 2024, at 10 a.m. ET | #SASBowl

eneidam · Posted 07-13-2022 05:07 PM

Hi Joe,

Using the post to create a new session was my original path. I tried again from scratch, going back to Postman to check to see that everything was working OK. I'm able to create and use a session outside of VA. I get an http 403 error on the create session request when trying to run the same code when the job's web page is launched inside of VA. As a side note, once the error occurs, I cannot go back into SAS Studio and run the job again. The session request hits an http 403 error again. I must log off completely to clear and start over again.

Thanks,

Ed

joeFurbee · Posted 07-13-2022 10:08 PM

Thanks for the info, Ed. I'll run your scenario by a few VA SMEs and see what they say / recommend.

Join us for SAS Community Trivia
SAS Bowl XL, SAS Innovate 2024 Recap
Wednesday, May 15, 2024, at 10 a.m. ET | #SASBowl

eneidam · Posted 07-20-2022 03:43 PM

I've tried all 3 authentication flows: password, client credentials and auth code. I could get all working OK in SAS Studio and the JobExecution web app. No go if trying to run the job form in VA. Opening a track with support.

Mickey_SAS · Posted 08-23-2022 01:49 PM

I worked with Ed on this one through a support ticket. The 403 errors were due to CSRF protections on the microservice, as the service was then expecting a CSRF token for the POST request. To allow the call to work, it was necessary to modify the code a bit to retrieve a CSRF token from /casManagement via a HEAD request, and then include it on the subsequent POST request to the same endpoint. The code snippet added was below.

const csrfResponse = await fetch('/casManagement', {

method: 'HEAD'

});

// Test the fetch response

if (!csrfResponse.ok) {

const message = `Fetch error with status code: ${csrfResponse.status}`;

throw new Error(message);

}

var csrfToken = csrfResponse.headers.get("X-CSRF-TOKEN");

// Define request header object

var reqHeader = new Headers();

reqHeader.append("Authorization", "Bearer " + accessToken);

reqHeader.append("Content-Type", "application/vnd.sas.cas.session+json");

reqHeader.append("Accept", "application/vnd.sas.cas.session+json");

reqHeader.append("X-CSRF-TOKEN", csrfToken );

// Fetch the session id with a valid access token

try {

const response = await fetch('/casManagement/servers/cas-shared-default/sessions', {

method: 'POST',

headers: reqHeader,

redirect: 'follow'

});

......

Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analytics

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

Re: Getting a reliable Oauth2 session id for JES front end html page running inside of Visual Analyt

Classroom Training Available!