Grant access using password
Obtains an access token on behalf of an end user, using that user's authenticating credentials (such as username and password) along with the client identifier and the associated secret that have been registered with the SAS environment. The user credentials are validated. If they are valid, the SAS Logon API returns an access token. Obtaining access tokens on behalf of an end user is required for all SAS Viya APIs that support user and group authorization rules.
1{2 "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiIzNTM4ZTQxNTEyNDY0NmU3YTJiZjA1NDBlNTM3MjNlNSIsInN1YiI6IjAzMzNiODlkLTc5MjUtNDllZS04N2Y3LTQ4YzY1Mzg2N2RlZCIsInNjb3BlIjpbIm9wZW5pZCIsImdyb3VwMSIsImdyb3VwMiIsImdyb3VwMyJdLCJjbGllbnRfaWQiOiJhcHAiLCJjaWQiOiJhcHAiLCJhenAiOiJhcHAiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX2lkIjoiMDMzM2I4OWQtNzkyNS00OWVlLTg3ZjctNDhjNjUzODY3ZGVkIiwib3JpZ2luIjoidWFhIiwidXNlcl9uYW1lIjoiYm9iIiwiZW1haWwiOiJub25lIiwiYXV0aF90aW1lIjoxNTIyMTY3MTY3LCJyZXZfc2lnIjoiOWEzYzI0ZWQiLCJpYXQiOjE1MjIxNjcxNjcsImV4cCI6MTUyMjIxMDM2NywiaXNzIjoiaHR0cHM6Ly9leGFtcGxlLnNhcy5jb20vU0FTTG9nb24vb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiYXBwIiwib3BlbmlkIl19.EOpYXf5acyiTn1wY5Tjr9vdu5Ez_UyPnYriMPlR9DkDTPtxxphdCiQweMEx8bjevWmFhDV-m4MDFm9F551F36cyhkpaXq39Xu6My_iDdc-xdAMvm04PHhz6p2NDSjCrmg9L5remIK-WQDyN3klkKNQvuN2V8jklVoXVMj_bBgpg",3 "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiIzNTM4ZTQxNTEyNDY0NmU3YTJiZjA1NDBlNTM3MjNlNSIsInN1YiI6IjAzMzNiODlkLTc5MjUtNDllZS04N2Y3LTQ4YzY1Mzg2N2RlZCIsInNjb3BlIjpbIm9wZW5pZCIsImdyb3VwMSIsImdyb3VwMiIsImdyb3VwMyJdLCJjbGllbnRfaWQiOiJhcHAiLCJjaWQiOiJhcHAiLCJhenAiOiJhcHAiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX2lkIjoiMDMzM2I4OWQtNzkyNS00OWVlLTg3ZjctNDhjNjUzODY3ZGVkIiwib3JpZ2luIjoidWFhIiwidXNlcl9uYW1lIjoiYm9iIiwiZW1haWwiOiJub25lIiwiYXV0aF90aW1lIjoxNTIyMTY3MTY3LCJyZXZfc2lnIjoiOWEzYzI0ZWQiLCJpYXQiOjE1MjIxNjcxNjcsImV4cCI6MTUyMjIxMDM2NywiaXNzIjoiaHR0cHM6Ly9leGFtcGxlLnNhcy5jb20vU0FTTG9nb24vb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsiYXBwIiwib3BlbmlkIl19.EOpYXf5acyiTn1wY5Tjr9vdu5Ez_UyPnYriMPlR9DkDTPtxxphdCiQweMEx8bjevWmFhDV-m4MDFm9F551F36cyhkpaXq39Xu6My_iDdc-xdAMvm04PHhz6p2NDSjCrmg9L5remIK-WQDyN3klkKNQvuN2V8jklVoXVMj_bBgpg",4 "refresh_token": "dfd22292eaf447c4af633ff589f8c899-r",5 "token_type": "bearer",6 "expires_in": 43199,7 "scope": "openid group1 group2 group3",8 "refresh_expires_in": 1209599,9 "refresh_revocable": true,10 "revocable": false,11 "jti": "322fdb2902c84a51a667b90b99fa1f06"12}
Name | Type | Required | Description |
---|---|---|---|
Authorization | string | false | The basic authorization header containing the registered OAuth client identifier and secret. Optional if this information is passed as part of the form data. |
Name | Type | Required | Description |
---|---|---|---|
client_id | string | false | The client identifier for the registered OAuth client and recipient of the token. Optional if this information is passed as part of the Authorization header. |
client_secret | string | false | The client secret for the registered OAuth client. Optional if this information is passed as part of the Authorization header. |
grant_type | string | true | The type of authentication used to obtain the token. In this case, 'password'. |
response_type | string | false | The type of token that should be issued. |
username | string | true | The username of the end user for whom the client is obtaining an access token on behalf of. |
password | string | true | The end user's password. |
scope | string | false | The space-limited list of scopes. Usually omitted, defaults to the scope registered to the client. |
Status | Meaning | Description | ||
---|---|---|---|---|
200 | OK | The request succeeded. | Schema | |
400 | Bad Request | The request was invalid. |