I am trying to use the password access token as described in this blog post (https://blogs.sas.com/content/sgf/2019/01/25/authentication-to-sas-viya/). I believe when I registered my client that I didn't list the correct group name in the scope. I get a "full authentication is required" message when I try to call an API. Is the scope supposed to include the SAS group of people who can use the APIs?
So now, I'm looking for how to update that client registration - what call do I make to update the client registration (rather than create a new one)?
Hi @jglew,
If you'd like to update the client registration you can use the SAS logon API, found under Core Services in the API reference doc. Specifically, you can update everything except the client secret by using a PUT method and the client_id. To update the secret, there is a separate endpoint.
The update API call would look simiar to:
PUT /SASLogon/oauth/clients/my.client.app Content-Type: application/json Authorization: Bearer 6eb2f....3d7 Accept: application/json Body: { "scope" : [ "clients.new", "clients.autoapprove" ], "client_id" : "my.client.app", "authorized_grant_types" : [ "client_credentials" ], "redirect_uri" : [ "http://redirect.url" ], "autoapprove" : [ "clients.autoapprove" ] }
To understand how to set the scope based on user group administration, I'd recommenr the following resources on SAS Administration concepts of Custom Groups, granting access to SAS Content, and creating authorization rules.
In addition to the blog post you referred to in your post, there is an excellent series on client registration, OAuth, and access by @tarastclair.
Thanks,
Joe
Join us for SAS Community Trivia
SAS Bowl XLIII, The New SAS Developer Portal
Wednesday, August 14, 2024, at 10 a.m. ET | #SASBowl
Hi @jglew,
If you'd like to update the client registration you can use the SAS logon API, found under Core Services in the API reference doc. Specifically, you can update everything except the client secret by using a PUT method and the client_id. To update the secret, there is a separate endpoint.
The update API call would look simiar to:
PUT /SASLogon/oauth/clients/my.client.app Content-Type: application/json Authorization: Bearer 6eb2f....3d7 Accept: application/json Body: { "scope" : [ "clients.new", "clients.autoapprove" ], "client_id" : "my.client.app", "authorized_grant_types" : [ "client_credentials" ], "redirect_uri" : [ "http://redirect.url" ], "autoapprove" : [ "clients.autoapprove" ] }
To understand how to set the scope based on user group administration, I'd recommenr the following resources on SAS Administration concepts of Custom Groups, granting access to SAS Content, and creating authorization rules.
In addition to the blog post you referred to in your post, there is an excellent series on client registration, OAuth, and access by @tarastclair.
Thanks,
Joe
Join us for SAS Community Trivia
SAS Bowl XLIII, The New SAS Developer Portal
Wednesday, August 14, 2024, at 10 a.m. ET | #SASBowl
Great! Thanks for the extra resources. They will be helpful.
I am glad to say that I got the registration to work and successfully called my first Viya api. Will definitely share any other questions/discoveries as we work on getting our app going.
Are you ready for the spotlight? We're accepting content ideas for SAS Innovate 2025 to be held May 6-9 in Orlando, FL. The call is open until September 25. Read more here about why you should contribute and what is in it for you!
Learn how use the CAT functions in SAS to join values from multiple variables into a single value.
Find more tutorials on the SAS Users YouTube channel.