Skip to content

Commit 6e9650a

Browse files
author
allan
committed
fix: instructions for client secret pair
1 parent 87fe589 commit 6e9650a

File tree

1 file changed

+23
-4
lines changed

1 file changed

+23
-4
lines changed

docs/faq.md

Lines changed: 23 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,17 +24,36 @@ A diagram of the rules for determining whether a local or remote target is used
2424

2525
## How can I obtain a Viya client and secret?
2626

27-
For setting up the client / secret you will need the services of an administrator (a user with admin rights on the physical machine) as they need to query a protected file (the consul token). The client must have the 'authorization_code' grant type. If you are building a standalone application, it is also recommended to increase the expiry period of the refresh token to avoid manual re-authentications. The default expiry is 24 hours for an access token, and 30 days for a refresh token. This can be extended up to around 60 or 70 years.
27+
For setting up the client / secret you will need the services of an administrator (a user with admin rights on the physical machine) as they need to query a protected file (the consul token). The client must be created with the 'authorization_code' grant type. If you are building a standalone application, it is also recommended to increase the expiry period of the refresh token to avoid manual re-authentications. The default expiry is 24 hours for an access token, and 30 days for a refresh token. This can be extended up to around 60 or 70 years.
2828

29-
SASjs provides two tools to make this easy:
29+
## Viya 2025
3030

31-
### Viya Token Web App
31+
The latest instructions are available [here](https://developer.sas.com/docs/rest-apis/getting-started/authentication). Our recommended approach is to use the browser as follows:
32+
33+
1. Open the following url as an administrator: `https://<sas-server>/SASLogon/oauth/authorize?client_id=sas.cli&response_type=token`
34+
2. This will redirect to a new url. Extract the `access_token` parameter and use it in the query below:
35+
36+
37+
```bash
38+
curl -k -X POST "https://viya-f0g8ht62vq.engage.sas.com/SASLogon/oauth/clients" \
39+
-H "Content-Type: application/json" \
40+
-H "Authorization: Bearer VERY_LONG_ACCESS_TOKEN_FROM_STEP_ABOVE" \
41+
-d '{"client_id": "YOUR_CLIENT","client_secret": "YOUR_SECRET","scope": ["openid"],"authorized_grant_types": ["authorization_code","refresh_token"], "redirect_uri": "urn:ietf:wg:oauth:2.0:oob"}'
42+
```
43+
44+
This will create a YOUR_CLIENT and YOUR_SECRET client/secret pair using the authorization_code grant type (suitable for SASjs).
45+
46+
### Legacy Tools
47+
48+
SASjs provides two legacy tools for older versions of Viya:
49+
50+
**Viya Token Web App**
3251

3352
This is a web app for configuring a client & secret in multiple ways. Only valid for Viya 3.5
3453

3554
To deploy, see here: [https://sasjs.io/apps/#viya-client-token-generator](https://sasjs.io/apps/#viya-client-token-generator)
3655

37-
### Viya Token Macros
56+
**Viya Token Macros**
3857

3958
You can also generate a client / secret (and access / refresh token) using SAS code, on both Viya 3.5 and Viya 4, using the [mv_registerclient](https://core.sasjs.io/mv__registerclient_8sas.html) macro.
4059

0 commit comments

Comments
 (0)