Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
Copyright © SAS Inst itute Inc. A l l r ights reserved.
SAS® USER FORUMNORWAY 2017
USER FORUMShow Off Your OAuth
Authenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
• Who am I?
My name is Jon Kolstad and I work as a
Senior Technical Architect at SAS Institute Norway.
Some of the things I do include: Planning of SAS Deployments,
Installation and Custom Configuration of SAS Solutions
Optimizing SAS and how SAS interacts with other components
in the Enterprise Architecture
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• So you have SAS, what can you do with it?– Virtually no limit to what you can build in SAS
– However, there are many online services already built that you are probably already using
– Online services that have an API makes programmatically access possible
– Find new uses for your SAS data!
– Get data from new sources into SAS!
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Some examples of Web Services with API
– Online storage
• Box, Dropbox
– Cloud services
• Google, AWS, Azure
• Salesforce
• Soundcloud, Spotify
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Security in Web Services– TLS/SSL encryption for data in transit– Application Authorization– Client Authentication
• Industry standards– OpenID, OAuth 1.0/2.0
• Custom solutions– Tokens, HTTP Basic
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• OAuth– A security protocol that enables users to grant
third-party access to their web resources without sharing
• Roles– The Third-Party Application: "Client"– The API: "Resource Server"– The Authorization Server– The User: "Resource Owner"
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Configuring access to the resource follows a the ”valet-key” principle.– With a ”valet-key” your car
• Can only be driven for 5 minutes
• Is only accessible by the doors, not the trunk
– Provide limited access to only the resources you define
• The ”valet-key” in OAuth is essentially a token string– The token string is included in an HTTP header
– All HTTP requests to the resource must have this header
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• How to get started?– Find a useful service online
– Look for ”Developer” or ”API” access methods
– Follow the guidelines on configuring API access
• Demo– Example using Google APIs to access Google Drive
– Same approach for all ”G-Suite” services, Google Cloud Services
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• You need a valid Google account– Go to https://console.developers.google.com/apis/library
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Configure a project (an application)
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• The client ID will be used in a third-party client• The client secret should be stored in a file
accessible by your third-party client– In this demo, the third-party client is in both cases a
SAS program
• When trying the demo on your own these twowill be unique to you
• Make sure you update the SAS example codewith your own values
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Get an access code
Show Off Your OauthAuthenticating to Web Services in SAS
filename resptext TEMP;
filename resphdrs TEMP;
%let auth_url=https://accounts.google.com/o/oauth2/v2/auth;
%let client_id=484191315007-
0id1rs7nasllprpks5e1jo8tb3dcfqom.apps.googleusercontent.com;
%let redirect_uri=urn:ietf:wg:oauth:2.0:oob;
%let drive_scope=https://www.googleapis.com/auth/drive;
%let
url=&auth_url.?client_id=&client_id.%nrstr(&redirect_uri)=&redirect_uri.%nrstr(&res
ponse_type=code&scope=openid%20email)%20&drive_scope.&state=security_token);
proc http
url="&url"
headerout=resphdrs
out=resptext;
run;
data _null_;
infile resphdrs length=len scanover truncover;
input @'Location: ' loc $varying1024. len;
call symput('location',trim(loc));
put "&location";
run;
options noxsync noxwait;
x "start """" ""&location.""";
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Complete the steps in a browser
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
• Note the one-time code
• Repeat if you need a new code
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
%let code=4/t-3MedRKNB5UBifYCrbz3J6cMhGXgs4WsCB_WBAIeKI;
/* You also need the application code returned by Google when you created the
application /*
/* This code may be stored in a file */
filename sec "C:\Users\norjko\Documents\SAS Forum Norway\secret.dat";
data _null_;
length str $1024;
fid = fopen("sec");
rc = fread(fid);
rc = fget(fid, str, 256);
call symput("client_secret",trim(str));
rc = fclose(fid);
run;
/* HTTP request for access_token, a token is valid for 1 hour (3600 seconds) */
filename resptext TEMP;
filename resphdrs TEMP;
proc http url="https://www.googleapis.com/oauth2/v4/token"
method="POST"
out=resptext
headerout=resphdrs
ct="application/x-www-form-urlencoded"
in="code=&code.%nrstr(&client_id)=&client_id.%nrstr(&client_secret)=&client_secret.
%nrstr(&redirect_uri)=&redirect_uri.&grant_type=authorization_code";
run;
%let client_secret=;
data _null_;
infile resphdrs truncover scanover length=len;
input @'"access_token": ' t $varying1024. len;
token = dequote(t);
call symput("access_token",trim(token));
put "&access_token";
run;
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Download the file
Show Off Your OauthAuthenticating to Web Services in SAS
filename sample "C:\Users\norjko\Documents\SAS Forum Norway\README.TXT";
proc http
url="https://www.googleapis.com/drive/v3/files/0B3DPZxFKIv8ieVJMb2hVT2kzZ2c?alt=med
ia"
out=sample;
headers "Authorization" = "Bearer &access_token";
run;
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Generate some content in SAS
Show Off Your OauthAuthenticating to Web Services in SAS
ods rtf file="C:\Users\norjko\Documents\SAS Forum Norway\CLASS Data.rtf";
title "Listing of CLASS Data";
proc print data=sashelp.class;
run;
ods rtf close;
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Build HTTP request for upload to Drive
Show Off Your OauthAuthenticating to Web Services in SAS
filename file "C:\Users\norjko\Documents\SAS Forum Norway\CLASS Data.rtf";
filename request TEMP;
%let boundary=foobar;
/* Build the multipart request */
data _null_;
infile file end=eof;
file request;
/* for each file we are sending, we need to add some special headers at the
beginning*/
if _n_ = 1 then
do;
put "--foobar"; /* This separates each data piece as a separate entity. Must
start with -- */
put "Content-Type: application/json";
put ; /* Must end with a CRLF signaling that what comes next is the actual entity
*/
put '{';
put '"name": "CLASS Data.rtf"';
put '}';
put ;
put "--foobar";
put "Content-Type: application/rtf";
put ;
end;
input;
put _infile_; /* add the actual file to be sent*/
/* the end of the multipart blob needs to be terminated */
if eof then
do;
put ; /* Must have a CRLF*/
put "--foobar--"; /* must start and end with --*/
end;
run;
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Complete the HTTP request and send it
Show Off Your OauthAuthenticating to Web Services in SAS
data _null_;
length bytes $1024;
fid = fopen("request");
rc = fread(fid);
bytes = finfo(fid, 'File Size (bytes)');
call symput("content_length",trim(bytes));
rc = fclose(fid);
put bytes;
run;
proc http method="POST"
url="https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart"
in = request
out = resptext
headerout = resphdrs;
headers "Authorization" = "Bearer &access_token" "Content-Type" =
"multipart/related; boundary=&boundary" "Content-Length" = "&content_length";
run;
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
• Additional Inspiration– https://developers.google.com/products/
– https://dev.twitter.com/
– https://developers.facebook.com/
• This presentation was inspired by a SGF’17 paper by Joseph Henry– http://support.sas.com/resources/papers/proceedings17/SAS0224-2017.pdf
• Other related SAS papers– http://support.sas.com/resources/papers/proceedings16/SAS6363-2016.pdf
– http://support.sas.com/resources/papers/proceedings17/0993-2017.pdf
Show Off Your OauthAuthenticating to Web Services in SAS
SAS® USER FORUMNORWAY 2017
Copyright © SAS Inst itute Inc. A l l r ights reserved.
Thank you for attending!
Show Off Your OauthAuthenticating to Web Services in SAS