BookmarkSubscribeRSS Feed
alepage
Barite | Level 11

Hello,

 

we were asked to switch from the use of an api token to a bearer token.

I would like to know how to secure the client_secret and the client_id macro value in a manner that they are not visible no were , special ly into the log file and the SAS will remember those values when the macro function BearerToken will be triggered.

Here's the content of the include statement (the values are truncated for safety purpose)

options nonotes nosource nosymbolgen;

%let client_secret=...OQ2JpllUr5xAapIH72YNUOrrVBDbs;
%let client_id=...ae890;

The macro function BearerToken

 

%include ".../Credentials.sas";

%macro BearerToken(client_id, client_secret);
options source notes ;
/* Example of call: %BearerToken(&client_id., &client_secret.); */


/* For debugging only ! Reading the input values 
%put reading the input values: &=client_id &=client_secret;
*/

/**** Converting the Client_id and the client_secret using base64 encoder to obtain the corresponding Basic Authentication value  ***/
data _null_;
  length newString $200.;
  newString=cats("&client_id.",":","&client_secret.");
  call symputx('Basic_Auth',put(trim(newString),$base64x300.),'g');
run;

/* For debugging only !
%put &=Basic_Auth;
*/


/* Sending the Basic Authentication value to the appropriate web site, via an API call to obtain the Bearer_token ****/

options set=SSLREQCERT="allow";
filename resp temp;

/* must include content-type/CT= option */
proc http 
 url="https://ca1.qualtrics.com/oauth2/token"
 method='POST'
 AUTH_BASIC
 AUTH_NEGOTIATE
 ct="application/x-www-form-urlencoded"
/* in='grant_type=client_credentials&scope=read:survey_responses read:users'*/
 in='grant_type=client_credentials&scope=manage:all'
 out=resp;
 headers "Authorization" = "Basic &Basic_Auth."; 
;
run;
/* Checking the log for the API Call */

%put &=SYS_PROCHTTP_STATUS_CODE;
data _null_;
 rc=jsonpp('resp','log');
run;

/* Getting the Bearer Token */

libname auth json fileref=resp;
%global Bearertimer_start BTExpIn; 
data test;
 set auth.root;
 %let Bearertimer_start = %sysfunc(datetime());
 call symputx('BearerToken',access_token,'g');
 call symput('BTExpIn',expires_in);
 call symputx('BearerTokenValid','Yes','g');
run;

%mend BearerToken;
%BearerToken(&client_id., &client_secret.);

 

Then the ValidateBearerToken

 

%macro validateBearerToken;
%put "The inital validity period for the Bearer Token is:  &=BTExpIn seconds";
Data _null_;
dur = datetime() - &Bearertimer_start;
BearerToken_Remaining_time=&BTExpIn. - dur;
put "The elapsed time is :" dur;
put "the Bearer token will remain valid for :" BearerToken_Remaining_time " seconds";
if BearerToken_Remaining_time < 3500 then call execute("%nrstr(%BearerToken(&client_id., &client_secret.);)");
run;
%put &=BearerTokenValid;
%mend validateBearerToken;
%validateBearerToken;

 

 

 

SAS INNOVATE 2024

Innovate_SAS_Blue.png

Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

SAS Enterprise Guide vs. SAS Studio

What’s the difference between SAS Enterprise Guide and SAS Studio? How are they similar? Just ask SAS’ Danny Modlin.

Find more tutorials on the SAS Users YouTube channel.

Get the $99 certification deal.jpg

 

 

Back in the Classroom!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 0 replies
  • 238 views
  • 0 likes
  • 1 in conversation