Attention : This code requires administrator privileges.
This script initiates an interactive OAuth2 authentication procedure for a Microsoft 365 application. It constructs an authorization URL that the user must open in a browser. After logging in and granting consent, the user retrieves an authorization code from the redirection URL. This code is then used by the `%get_token` macro to request an access token and a refresh token, which are stored in a `token.json` file for subsequent non-interactive API calls.
Data Analysis
Type : CREATION_INTERNE
The script does not read data for analysis. Its purpose is to generate a configuration file (`token.json`) containing authentication tokens. It depends on external SAS configuration files (`onedrive_config.sas`) and macros (`onedrive_macros.sas`) which must exist at the specified path.
1 Code Block
Macro
Explanation :
This block initializes a macro variable `config_root` pointing to the project directory. It then includes two external SAS files: `onedrive_config.sas` (likely for application credentials) and `onedrive_macros.sas` (containing macro logic). Finally, it assigns a fileref `token` to the future JSON file that will store the tokens.
This block initializes a macro variable `config_root` pointing to the project directory. It then includes two external SAS files: `onedrive_config.sas` (likely for application credentials) and `onedrive_macros.sas` (containing macro logic). Finally, it assigns a fileref `token` to the future JSON file that will store the tokens.
Copied!
| 1 | /* |
| 2 | This file contains steps that you perform just once to |
| 3 | set up a new project. You'll use these steps to get an |
| 4 | access code and your initial authentication tokens. |
| 5 | |
| 6 | You might need to repeat this step later if your |
| 7 | Microsoft Office 365 credentials change (including password) |
| 8 | or if the tokens are revoked by using another method. |
| 9 | |
| 10 | */ |
| 11 | %let config_root=/folders/myfolders/onedrive; |
| 12 | |
| 13 | %include "&config_root./onedrive_config.sas"; |
| 14 | %include "&config_root./onedrive_macros.sas"; |
| 15 | |
| 16 | /* |
| 17 | Our json file that contains the oauth token information |
| 18 | */ |
| 19 | filename token "&config_root./token.json"; |
2 Code Block
Macro
Explanation :
Construction of the OAuth2 authorization URL using macro variables (like `tenant_id`, `client_id`) defined in `onedrive_config.sas`. The `%nrstr` function is used to mask special characters in the URL. The URL is then displayed in the SAS log for the user to copy.
Construction of the OAuth2 authorization URL using macro variables (like `tenant_id`, `client_id`) defined in `onedrive_config.sas`. The `%nrstr` function is used to mask special characters in the URL. The URL is then displayed in the SAS log for the user to copy.
Copied!
| 1 | /* Do these steps JUST ONCE, interactively, |
| 2 | for your application and user account. |
| 3 | |
| 4 | Get the code from the URL in the browser and set it below |
| 5 | as the value of auth_code. |
| 6 | |
| 7 | The authorization code is going to be a LONG character value. |
| 8 | */ |
| 9 | |
| 10 | /* Run this line to build the authorization URL */ |
| 11 | %let authorize_url=https://login.microsoftonline.com/&tenant_id./oauth2/authorize?client_id=&client_id.%nrstr(&response_type)=code%nrstr(&redirect_uri)=&redirect_uri.%nrstr(&resource)=&resource.; |
| 12 | options nosource; |
| 13 | %put Paste this URL into your web browser:; |
| 14 | %put -- START -------; |
| 15 | %put &authorize_url; |
| 16 | %put ---END ---------; |
| 17 | options SOURCE; |
3 Code Block
Macro Data
Explanation :
This block is intended to be executed after the manual step. The user must paste the authorization code obtained from the browser into the `auth_code` macro variable. Then, the `%get_token` macro is called. It sends this code (and other parameters) to the Microsoft API to obtain access and refresh tokens, and then writes these tokens to the `token.json` file via the `token` fileref.
This block is intended to be executed after the manual step. The user must paste the authorization code obtained from the browser into the `auth_code` macro variable. Then, the `%get_token` macro is called. It sends this code (and other parameters) to the Microsoft API to obtain access and refresh tokens, and then writes these tokens to the `token.json` file via the `token` fileref.
Copied!
| 1 | /* |
| 2 | Copy the value of the authorize_url into a web browser. |
| 3 | Log into your OneDrive account as necessary. |
| 4 | The browser will redirect to a new address. |
| 5 | Copy the auth_code value from that address into the following |
| 6 | macro variable. Then run the next two lines (including %get_token macro). |
| 7 | |
| 8 | Note: this code can be quite long -- 700+ characters. |
| 9 | */ |
| 10 | %let auth_code=; |
| 11 | |
| 12 | /* |
| 13 | Now that we have an authorization code we can get the access token |
| 14 | This step will write the tokens.json file that we can use in our |
| 15 | production programs. |
| 16 | */ |
| 17 | %get_token(&client_id.,&auth_code,&resource.,token,tenant=&tenant_id,debug=3); |
This material is provided "as is" by We Are Cas. There are no warranties, expressed or implied, as to merchantability or fitness for a particular purpose regarding the materials or code contained herein. We Are Cas is not responsible for errors in this material as it now exists or will exist, nor does We Are Cas provide technical support for it.
Expert Advice
Michael
Responsable de l'infrastructure Viya.
« Integrating SAS with Microsoft 365 requires moving away from legacy password authentication in favor of the OAuth2 protocol. This script handles the "initial handshake," transforming a manual user login into a persistent, programmatic connection. Once this interactive setup is complete, your SAS jobs can run autonomously using tokens, bypassing the need for a browser. »