Can't get client-credentials access token to authorize Power BI

Question

I\'m trying to use the Power BI REST API, using an access token acquired with the \"client credentials\" method, but I keep getting 403 Forbidden on my requests

Answer 1

With the assistance of some Microsoft folks (thanks, Jon Gallant & Josh Caplan), I've learned that authenticating with an OAuth client-credentials flow, as I was doing with that JavaScript sample, provides insufficient access. To use Power BI, authentication needs to be based on a particular user.

I tried using:

1. the similar JavaScript sample username-password-sample.js
2. a resource value of https://analysis.windows.net/powerbi/api (thanks, slugslog)
3. adding username and password to the parameters.json

That got me closer, but I was still getting a 400 response: "error_description":"AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'. …".

A hack to the adal-node library (hardcoding the client secret, i.e., oauthParameters[OAuth2Parameters.CLIENT_SECRET] = "my-client-secret"; after line 217 of token-request.js) was enough to get back an access token which works in the Authorization header for my original curl call.

Of course hardcoding that value in there isn't my final solution. I don't plan to use the adal-node library, anyway. But as far as this proof-of-concept for this authentication case goes, that's the answer I came to.