sasjs auth provides authentication against a predefined SAS target. The following commands make use of authentication:
- sasjs run
- sasjs job execute
- sasjs flow
- sasjs request
- sasjs deploy
- sasjs test
- sasjs folder
sasjs auth command is an alias for
sasjs add cred - and it is integrated also into the
sasjs add command (for adding a new target).
Before using this command, you will need to:
sasjs auth [additional arguments]
Additional arguments may include:
-t) - the target environment in which to deploy the services. If not specified, the
defaultTargetwill be used, as defined in
sasjsconfig.json. The target can exist either in the local project configuration or in the global
Targets can have local (to a project) or global (to a user) scope. For a local target, credentials are stored in a
.env.[target name] file. To have one file that covers all (local) targets you can rename this file to
All published SASjs projects (and templates) already include this file in the
.gitignore file, if you are deploying to your own existing project you should do the same - to prevent accidentally pushing credentials to source control.
For global targets the credentials are stored in the
.sasjsrc file in the users home directory.
The authentication approach taken will depend on the serverType which can be SAS9 or SASVIYA.
SAS Viya Authentication¶
To authenticate with SAS Viya you will need an administrator to provide a CLIENT and SECRET with
authorization_code grant type (SASjs does not support password authentication grant type). Further information on this topic is available here.
After you provide the client / secret, you are given a link which you must click to obtain the authorisation code. Be sure to select any scopes (such as openid) if presented.
Once you provide the authorisation code, the ACESS_TOKEN and REFRESH_TOKEN are saved and used for further connection requests. If the ACCESS_TOKEN expires (by default after 12 hours) the REFRESH_TOKEN will be used automatically to update, until it also expires (by default after 30 days). At this point, you will need to run
sasjs auth once again.
SAS 9 Authentication¶
SAS 9 authentication requires a username and password. We strongly recommend the use of SAS encoded passwords (method=sas003 and above), however - to enable this you will first need to make a server side change (to the
AllowEncodedPassword property) as follows:
- Log on to SAS® Management Console.
- Select Application Management.
- Navigate to Configuration Manager ► Stored Process Web App
- Select Properties ► Advanced (tab).
- Click the Add button and define a new property:
- Property Name: AllowEncodedPassword
- Property Value: true
- Click OK
- Restart the Mid Tier Web Server
If the password you provide is not sas-encoded, the command will still work, however you will get health warnings in the log.
SAS 9 Execution¶
SAS 9 operations require the use of a "runner" for executing the SAS code generated by the CLI. For security, this runner is always stored in your home directory in metadata.
To deploy the runner:
/* import the macros */ filename mc url "https://raw.githubusercontent.com/sasjs/core/main/all.sas"; %inc mc; /* create the runner */ filename ft15f001 temp; parmcards4; %macro sasjs_runner(); %if %symexist(_webin_fileref) %then %do; %inc &_webin_fileref; %end; %mend sasjs_runner; %sasjs_runner() ;;;; %mm_createwebservice(path=/User Folders/&sysuserid/My Folder/sasjs,name=runner)