SAS USER FORUM NORWAY 2017. Show Off Your OAuth: Authenticating to Web Services in SAS


Who am I?
My name is Jon Kolstad and I work as a Senior Technical Architect at SAS Institute Norway. Some of the things I do include:
- Planning of SAS Deployments, Installation and Custom Configuration of SAS Solutions
- Optimizing SAS and how SAS interacts with other components in the Enterprise Architecture

So you have SAS, what can you do with it?
- There is virtually no limit to what you can build in SAS
- However, there are many online services already built that you are probably already using
- Online services that have an API make programmatic access possible
- Find new uses for your SAS data!
- Get data from new sources into SAS!

Some examples of Web Services with an API
- Online storage: Box, Dropbox
- Cloud services: Google, AWS, Azure
- Salesforce
- Soundcloud, Spotify

Security in Web Services
- TLS/SSL encryption for data in transit
- Application Authorization
- Client Authentication
- Industry standards: OpenID, OAuth 1.0/2.0
- Custom solutions: Tokens, HTTP Basic

OAuth
A security protocol that enables users to grant third-party access to their web resources without sharing
Roles
- The Third-Party Application: "Client"
- The API: "Resource Server"
- The Authorization Server
- The User: "Resource Owner"

Configuring access to the resource follows the valet-key principle.
With a valet-key your car
- Can only be driven for 5 minutes
- Is only accessible by the doors, not the trunk
Provide limited access to only the resources you define
- The valet-key in OAuth is essentially a token string
- The token string is included in an HTTP header
- All HTTP requests to the resource must have this header
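The valet-key idea seen from the resource server's side, as an added illustration in Python (not part of the original slides and not Google's implementation). The token table, the token names and the `authorize` function are constructed for the example; the two scope URLs are Google Drive's full and read-only scopes.

```python
READ = "https://www.googleapis.com/auth/drive.readonly"
FULL = "https://www.googleapis.com/auth/drive"

# Constructed token table: what the authorization server recorded per token.
# Times are plain seconds so the example is deterministic.
GRANTS = {
    "tok-readonly": {"scopes": {READ}, "expires_at": 1_000 + 3600},
    "tok-full": {"scopes": {FULL}, "expires_at": 1_000 + 3600},
}


def required_scopes(method):
    """Reads are satisfied by either scope; anything else needs full access."""
    return {READ, FULL} if method in ("GET", "HEAD") else {FULL}


def authorize(headers, method, now, grants=GRANTS):
    """Return (HTTP status, reason) for one request, using RFC 6750 error names."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 401, "no bearer token in Authorization header"
    grant = grants.get(token)
    if grant is None:
        return 401, "invalid_token: unknown token"
    if now >= grant["expires_at"]:
        # The key "can only be driven for 5 minutes"
        return 401, "invalid_token: expired"
    if not (grant["scopes"] & required_scopes(method)):
        # The key opens "the doors, not the trunk"
        return 403, "insufficient_scope"
    return 200, "ok"
```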

How to get started?
- Find a useful service online
- Look for Developer or API access methods
- Follow the guidelines on configuring API access
Demo
- Example using Google APIs to access Google Drive
- Same approach for all G-Suite services, Google Cloud Services

You need a valid Google account
Go to https://console.developers.google.com/apis/library

Configure a project (an application)

- The client ID will be used in a third-party client
- The client secret should be stored in a file accessible by your third-party client
- In this demo, the third-party client is in both cases a SAS program
- When trying the demo on your own these two will be unique to you
- Make sure you update the SAS example code with your own values

Get an access code

    filename resptext TEMP;
    filename resphdrs TEMP;

    %let auth_url=https://accounts.google.com/o/oauth2/v2/auth;
    %let client_id=484191315007-0id1rs7nasllprpks5e1jo8tb3dcfqom.apps.googleusercontent.com;
    %let redirect_uri=urn:ietf:wg:oauth:2.0:oob;
    %let drive_scope=https://www.googleapis.com/auth/drive;

    /* %nrstr() keeps the & of each query parameter from being read as a macro variable reference */
    %let url=&auth_url.?client_id=&client_id.%nrstr(&redirect_uri)=&redirect_uri.%nrstr(&response_type=code&scope=openid%20email)%20&drive_scope.%nrstr(&state=security_token);

    /* The authorization endpoint answers with a redirect; its target is in the Location header */
    proc http url="&url" headerout=resphdrs out=resptext;
    run;

    data _null_;
      infile resphdrs length=len scanover truncover;
      input @'Location: ' loc $varying1024. len;
      call symput('location',trim(loc));
      /* Print the value just read; a "&location" reference here would be resolved before CALL SYMPUT has run */
      put loc;
    run;

    /* Open the location in the default browser (Windows) */
    options noxsync noxwait;
    x "start """" ""&location.""";

Complete the steps in a browser

Note the one-time code
Repeat if you need a new code

    %let code=4/t-3medrknb5ubifycrbz3j6cmhgxgs4wscb_wbaieki;

    /* You also need the application code returned by Google when you created the application */
    /* This code may be stored in a file */
    filename sec "C:\Users\norjko\Documents\SAS Forum Norway\secret.dat";
    data _null_;
      length str $1024;
      fid = fopen("sec");
      rc = fread(fid);
      rc = fget(fid, str, 256);
      call symput("client_secret",trim(str));
      rc = fclose(fid);
    run;

    /* HTTP request for access_token, a token is valid for 1 hour (3600 seconds) */
    filename resptext TEMP;
    filename resphdrs TEMP;
    proc http url="https://www.googleapis.com/oauth2/v4/token"
      method="post"
      out=resptext
      headerout=resphdrs
      ct="application/x-www-form-urlencoded"
      in="code=&code.%nrstr(&client_id)=&client_id.%nrstr(&client_secret)=&client_secret.%nrstr(&redirect_uri)=&redirect_uri.%nrstr(&grant_type)=authorization_code";
    run;

    /* Clear the client secret from the macro symbol table once it has been used */
    %let client_secret=;

    /* The JSON token response is in the response body (resptext), not in the headers */
    data _null_;
      infile resptext truncover scanover length=len;
      input @'"access_token": ' t $varying1024. len;
      token = dequote(t);
      call symput("access_token",trim(token));
      /* Writes the token to the SAS log, for the demo; a "&access_token" reference here would be resolved before CALL SYMPUT has run */
      put token;
    run;

Download the file

    filename sample "C:\Users\norjko\Documents\SAS Forum Norway\README.TXT";
    /* The access token goes in the Authorization header of the request */
    proc http
      url="https://www.googleapis.com/drive/v3/files/0b3dpzxfkiv8ievjmb2hvt2kzz2c?alt=media"
      out=sample;
      headers "Authorization" = "Bearer &access_token";
    run;

Generate some content in SAS

    ods rtf file="c:\users\norjko\documents\sas Forum Norway\CLASS Data.rtf";
    title "Listing of CLASS Data";
    proc print data=sashelp.class;
    run;
    ods rtf close;

Build HTTP request for upload to Drive

    filename file "C:\Users\norjko\Documents\SAS Forum Norway\CLASS Data.rtf";
    filename request TEMP;
    %let boundary=foobar;

    /* Build the multipart request */
    data _null_;
      infile file end=eof;
      file request;
      /* for each file we are sending, we need to add some special headers at the beginning */
      if _n_ = 1 then do;
        put "--foobar"; /* This separates each data piece as a separate entity. Must start with -- */
        put "Content-Type: application/json";
        put ; /* Must end with a CRLF signaling that what comes next is the actual entity */
        put '{';
        put '"name": "CLASS Data.rtf"';
        put '}';
        put ;
        put "--foobar";
        put "Content-Type: application/rtf";
        put ;
      end;
      input;
      put _infile_; /* add the actual file to be sent */
      /* the end of the multipart blob needs to be terminated */
      if eof then do;
        put ; /* Must have a CRLF */
        put "--foobar--"; /* must start and end with -- */
      end;
    run;

Complete the HTTP request and send it

    /* Read the size of the assembled request file for the Content-Length header */
    data _null_;
      length bytes $1024;
      fid = fopen("request");
      rc = fread(fid);
      bytes = finfo(fid, 'File Size (bytes)');
      call symput("content_length",trim(bytes));
      rc = fclose(fid);
      put bytes;
    run;

    /* The query parameter name is case-sensitive: uploadType */
    proc http method="post"
      url="https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart"
      in = request
      out = resptext
      headerout = resphdrs;
      headers "Authorization" = "Bearer &access_token"
              "Content-Type" = "multipart/related; boundary=&boundary"
              "Content-Length" = "&content_length";
    run;
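Added example in Python, not from the original slides: the same two-part multipart/related body built as bytes, with a random boundary checked against the payload and Content-Length taken from the final byte count. The function names and the sample payload are constructed; the fixed boundary `foobar` from the slide is passed to `frame` only to show what a receiver sees when the file itself contains that delimiter line.

```python
import json
import secrets
from email.parser import BytesParser
from email.policy import HTTP

CRLF = b"\r\n"


def frame(boundary, metadata, content, content_type):
    """Assemble the two-part multipart/related body as bytes, CRLF-delimited."""
    delim = b"--" + boundary.encode("ascii")
    body = CRLF.join([
        delim, b"Content-Type: application/json; charset=UTF-8", b"", metadata,
        delim, b"Content-Type: " + content_type.encode("ascii"), b"", content,
        delim + b"--", b"",
    ])
    headers = {
        "Content-Type": 'multipart/related; boundary="%s"' % boundary,
        "Content-Length": str(len(body)),  # byte count of the exact body sent
    }
    return headers, body


def build_upload(name, content, content_type):
    """Frame an upload with a random boundary that cannot occur in the parts."""
    metadata = json.dumps({"name": name}).encode("utf-8")
    while True:
        boundary = secrets.token_hex(16)
        if boundary.encode("ascii") not in metadata + content:
            return frame(boundary, metadata, content, content_type)


def parse_parts(headers, body):
    """Split the body the way a receiver would, to check the framing."""
    raw = b"Content-Type: " + headers["Content-Type"].encode("ascii") + CRLF * 2 + body
    msg = BytesParser(policy=HTTP).parsebytes(raw)
    return [(p.get_content_type(), p.get_payload(decode=True)) for p in msg.iter_parts()]


# Constructed sample: a payload that happens to contain the slide's fixed delimiter.
SAMPLE = b"{\\rtf1 first line\r\n--foobar\r\nsecond line}"
```

With the random boundary the receiver recovers `SAMPLE` byte for byte; with `frame("foobar", ...)` the second part is cut off at the embedded `--foobar` line.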

Additional Inspiration
- https://developers.google.com/products/
- https://dev.twitter.com/
- https://developers.facebook.com/
This presentation was inspired by a SGF 17 paper by Joseph Henry
- http://support.sas.com/resources/papers/proceedings17/sas0224-2017.pdf
Other related SAS papers
- http://support.sas.com/resources/papers/proceedings16/sas6363-2016.pdf
- http://support.sas.com/resources/papers/proceedings17/0993-2017.pdf

Thank you for attending!