BookmarkSubscribeRSS Feed
SAS Employee


I'm looking for samples, how to manage external app integration with Viya.

In our scenario, external app and Viya 3.5 are configured

to authenticate with third party OAuth Authentication provider (Microsoft ADFS).


The scenario goes like this:

1. User logs into external app.

2. External app goes to the OAuth provider to authenticate user and obtain OAuth token.

3. User is loged into the external app.

4. External app calls Viya REST API to get list of the folders and reports on behalf of the user.


And here I'm stuck.


How should I register external app as the client in Viya?

I've found some examples how to register client:


    curl -X POST "https://localhost/SASLogon/oauth/clients" \
        -H "Content-Type: application/json" \
        -H "Authorization: Bearer <access-token-goes-here>" \
        -d '{
          "client_id": "app",
          "client_secret": "<secret-goes-here>",
          "scope": ["openid"],
          "authorized_grant_types": ["password"],
          "access_token_validity": 43199

But as far as I understand, in this type of registration,

the external app in order to get access token for the resource,

it need to provide user name and password in the subsequent call, like in this example:

   curl -X POST "" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "grant_type=password&username=<user-id>&password=<password>" \
      -u "app:mysecret"


But in our scenario, the app has only OAuth token, not the password.

Documentation say, that there are some other types of authorized grants

in the client registration call (I suppose Token Grant would fit my case)

but I can't find the example.

And documentation also say, that currently only the user:password grant is supported.


I would be grateful for advice/examples, how to register client

and how to obtain access token from SASLogon having only OAuth token in hand.






Community Manager

Hi @JacekGuzek,

I'll point out several resources that will help you out with understanding the authentication options and process. 


There are three authorization grant_types to consider: password (not recommended in anything other than a dev/test env), authorization code, and client_credentials. I'd recommend exploring the latter two. You can find a technical overview of all the options in @MikeRoda 's SASGF paper Behind the Front Door: Authentication Options with SAS Viya. There is also the Configuring Your SAS Environment for API Use and Authentication and Access Tokens sections of the SAS Viya Rest APIs Getting Started page.  


Additionally, a blog post I wrote, Authentication to SAS Viya: a couple of approaches outlines the password and authorization code process. Further, you can refer to the series by @tarastclair, Building custom apps on top of SAS Viya, particularly Part Four, Examples


Finally, when reading through these resources remember:  exactly how you implement authentication depends heavily on the language your application was developed in and your your technical architecture and security paradigm.

Join us for SAS Community Trivia
SAS Bowl XXXVI, Data Simulation
Wednesday, December 13, 2023, at 10 a.m. ET | #SASBowl

Barite | Level 11

hi @JacekGuzek ,


@joeFurbee has provided an excellent answer with some authoritative resources.  I wanted to let you know about two more options for generating client / secret pairs with the various options available:


1) The SASjs Viya Token generator


This is a SASjs streamed-web app that gives you an interface for creating a client with various scopes (the SAS groups are ready-fetched) and options.

To deploy, just run these two lines of code and open the link from the log:


filename vt url  "";
%inc vt;

2) The SASjs Macro Core library


This contains a macro for generating the client / secret pair.  It's documented here:


To execute:

%* compile macros;
filename mc url "";
%inc mc;

%* specific client with just openid scope;


SAS Challenges - SASensei
MacroCore library for app developers
SAS networking events (BeLux, Germany, UK&I)

Data Workflows, Data Contracts, Data Lineage, Drag & drop excel EUCs to SAS 9 & Viya - Data Controller
DevOps and AppDev on SAS 9 / Viya / Base SAS - SASjs
SAS Employee

Since your external app and SAS Viya are both using single sign-on to an external OIDC provider, you can make this work very well by configuring SAS Viya with Automatic Redirect so your users don't see the login page at all. See this link:


Next question is:  Is your external app calling the Viya APIs from the browser client (javascript) or the server?  If from the browser client, you need not register a client at all. Just call the Viya APIs from the browser client. Those requests will be redirected around for authentication and use single sign-on, eventually coming back with the json you want. Read the section "Browser based applications" in the SGF paper that Joe linked to. 


There is also a SAS Visual Analytics SDK that helps with this, particularly if you did have to deal with the login page coming up. See this link:


If your external app is making calls to the SAS Viya APIs from the server, you will probably want to register that app as a client and use the authorization_code grant_type.

SAS Employee

Thank you all for your replies and guidance.

We will be exploring the options described.

So far I managed to register client application and checked it is working using postman.

Now web app developer is investigating various scenarios

how to use it in backend app.


Kind regards,




Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

How to Concatenate Values

Learn how use the CAT functions in SAS to join values from multiple variables into a single value.

Find more tutorials on the SAS Users YouTube channel.

Get the $99 certification deal.jpg



Back in the Classroom!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 4 replies
  • 4 in conversation