BookmarkSubscribeRSS Feed
alepage
Barite | Level 11

Hello,

 

we were asked to switch from the use of an api token to a bearer token.

I would like to know how to secure the client_secret and the client_id macro value in a manner that they are not visible no were , special ly into the log file and the SAS will remember those values when the macro function BearerToken will be triggered.

Here's the content of the include statement (the values are truncated for safety purpose)

options nonotes nosource nosymbolgen;

%let client_secret=...OQ2JpllUr5xAapIH72YNUOrrVBDbs;
%let client_id=...ae890;

The macro function BearerToken

 

%include ".../Credentials.sas";

%macro BearerToken(client_id, client_secret);
options source notes ;
/* Example of call: %BearerToken(&client_id., &client_secret.); */


/* For debugging only ! Reading the input values 
%put reading the input values: &=client_id &=client_secret;
*/

/**** Converting the Client_id and the client_secret using base64 encoder to obtain the corresponding Basic Authentication value  ***/
data _null_;
  length newString $200.;
  newString=cats("&client_id.",":","&client_secret.");
  call symputx('Basic_Auth',put(trim(newString),$base64x300.),'g');
run;

/* For debugging only !
%put &=Basic_Auth;
*/


/* Sending the Basic Authentication value to the appropriate web site, via an API call to obtain the Bearer_token ****/

options set=SSLREQCERT="allow";
filename resp temp;

/* must include content-type/CT= option */
proc http 
 url="https://ca1.qualtrics.com/oauth2/token"
 method='POST'
 AUTH_BASIC
 AUTH_NEGOTIATE
 ct="application/x-www-form-urlencoded"
/* in='grant_type=client_credentials&scope=read:survey_responses read:users'*/
 in='grant_type=client_credentials&scope=manage:all'
 out=resp;
 headers "Authorization" = "Basic &Basic_Auth."; 
;
run;
/* Checking the log for the API Call */

%put &=SYS_PROCHTTP_STATUS_CODE;
data _null_;
 rc=jsonpp('resp','log');
run;

/* Getting the Bearer Token */

libname auth json fileref=resp;
%global Bearertimer_start BTExpIn; 
data test;
 set auth.root;
 %let Bearertimer_start = %sysfunc(datetime());
 call symputx('BearerToken',access_token,'g');
 call symput('BTExpIn',expires_in);
 call symputx('BearerTokenValid','Yes','g');
run;

%mend BearerToken;
%BearerToken(&client_id., &client_secret.);

 

Then the ValidateBearerToken

 

%macro validateBearerToken;
%put "The inital validity period for the Bearer Token is:  &=BTExpIn seconds";
Data _null_;
dur = datetime() - &Bearertimer_start;
BearerToken_Remaining_time=&BTExpIn. - dur;
put "The elapsed time is :" dur;
put "the Bearer token will remain valid for :" BearerToken_Remaining_time " seconds";
if BearerToken_Remaining_time < 3500 then call execute("%nrstr(%BearerToken(&client_id., &client_secret.);)");
run;
%put &=BearerTokenValid;
%mend validateBearerToken;
%validateBearerToken;

 

 

 

SAS Innovate 2025: Call for Content

Are you ready for the spotlight? We're accepting content ideas for SAS Innovate 2025 to be held May 6-9 in Orlando, FL. The call is open until September 16. Read more here about why you should contribute and what is in it for you!

Submit your idea!

SAS Enterprise Guide vs. SAS Studio

What’s the difference between SAS Enterprise Guide and SAS Studio? How are they similar? Just ask SAS’ Danny Modlin.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 0 replies
  • 419 views
  • 0 likes
  • 1 in conversation