cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
David971
‎03-27-2025
  • 4 Posts
  • 2 Likes Given
  • 0 Solutions
  • 0 Likes Received

Re: How to Submit Jobs in Viya 4 Using Client Credentials?

by Fluorite | Level 6 in Developers
‎02-12-2025 07:50 AM
‎02-12-2025 07:50 AM
Thanks for sharing the Jupyter notebooks and Python examples! I have a quick question—do I need to get the refresh token using Python for this to work? Or can I alternatively register the client and obtain the access token and refresh token using curl commands with the authorization code, then use the refresh token in a Python script? Or does everything have to be done in Python as shown in the notebook? ... View more

Re: How to Submit Jobs in Viya 4 Using Client Credentials?

by Fluorite | Level 6 in Developers
‎02-10-2025 10:25 AM
‎02-10-2025 10:25 AM
Hi, @joeFurbee    I’ve been working on setting up a client using the authorization grant type. While I’ve successfully made it work using cURL commands, I’m encountering an issue when implementing it in Python. Here’s my code: import requests url = "https://example.demo.sas.com/SASLogon/oauth/token" payload = { "grant_type": "refresh_token", "refresh_token": "<my_refresh_token>" } headers = { "Content-Type": "application/x-www-form-urlencoded" } auth = (testclient, "<clientsecret>") response = requests.post(url, data=payload, headers=headers, auth=auth)   I get the error:  401 Client Error  Scopes are  "uaa.user", "openid", "SASAdministrator". Authorities is "SASAdministrator".    I have checked and i am using the valid clientid and clientsecret.    ... View more

Re: How to Submit Jobs in Viya 4 Using Client Credentials?

by Fluorite | Level 6 in Developers
‎02-07-2025 03:53 AM
‎02-07-2025 03:53 AM
Hi @joeFurbee    I can confirm that all of those API calls succeeded with my client credentials.  ... View more

How to Submit Jobs in Viya 4 Using Client Credentials?

by Fluorite | Level 6 in Developers
‎02-06-2025 03:29 AM
‎02-06-2025 03:29 AM
I am trying to configure a client to run jobs in Viya 4. I followed the steps in this blog: https://blogs.sas.com/content/sgf/2023/02/07/authentication-to-sas-viya/ Here is the relevant configuration of my client:   { "scope": ["uaa.none"], "client_id": "newclient", "authorized_grant_types": ["client_credentials"], "authorities": ["SASAdministrators"], } I successfully obtain an access token using this client. However, when I use the token to submit a job request:   import requests url = "http://example.com/jobExecution/jobRequests/{jobRequestId}/jobs" payload = "" headers = { "Delegate-Domain": "<MyAuthTokenDomain>", "Content-Type": "application/json", "Authorization": "Bearer <ACCESS-TOKEN>", "Accept": "application/json" } response = requests.post(url, data=payload, headers=headers)   I get the following error: { "errorCode": 0, "message": "OAuth2 user authentication is required for Delegate-Domain header", "details": ["path: /jobExecution/jobRequests/{jobid}/jobs"], "links": [], "version": 2, "httpStatusCode": 401 } However, if I remove the  Delegate-Domain header, the request succeeds (HTTP 201), but the job in Environment Manager -> Jobs and Flows fails with:   "invalid user: 'newclient'" (error code 30081)   Related to Credentials Microservice? I came across this blog, which explains how the Credentials Microservice determines identity types and manages credentials. It mentions that: Custom applications should be registered as part of a group so that credentials can be managed for them. The default authentication domain ( DefaultAuth ) is used unless configured otherwise ( sas.compute.domain.default ). In my case: The  sas.compute.domain.defaultis  currently set to DefaultAuth, but no users have credentials associated with it. Instead, a Token Authentication Domain has been created, which is managed by a service account. This Token Authentication Domain is what the client includes in the Delegate-Domain header when submitting a job request. The service account has granted the Token Authentication Domain credentials to the SASAdministrators group, which my client (newclient) is a member of. Questions: Should the request to submit the job include the Delegate-Domain header when using the client_credentials grant? If so, how can I avoid the error:"OAuth2 user authentication is required for Delegate-Domain header" Would changing  sas.compute.domain.defaultis  to the Token Authentication Domain allow my client to make use of the Token Authentication Domain in order to submit jobs successfully? If I make this change, would it grant excessive permissions to all users in the application? Is there a more secure way to configure this? Is there a better way to associate my client with valid credentials so it can submit jobs correctly? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-27-2025 06:19 AM
Likes given to
View All
Quick links
OSZAR »