I'm trying to use the Power BI REST API, using an access token acquired with the "client credentials" method, but I keep getting 403 Forbidden on my requests
Make sure that your app that you registered with AAD has the read write all datasets permission. That should solve the problem.
With the assistance of some Microsoft folks (thanks, Jon Gallant & Josh Caplan), I've learned that authenticating with an OAuth client-credentials flow, as I was doing with that JavaScript sample, provides insufficient access. To use Power BI, authentication needs to be based on a particular user.
I tried using: resource value of https://analysis.windows.net/powerbi/api (thanks, slugslog), username and password to the parameters.json
That got me closer, but I was still getting a 400 response: "error_description":"AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'. …".
A hack to the adal-node library (hardcoding the client secret, i.e., oauthParameters[OAuth2Parameters.CLIENT_SECRET] = "my-client-secret"; after line 217 of token-request.js) was enough to get back an access token which works in the Authorization header for my original curl call.
Of course hardcoding that value in there isn't my final solution. I don't plan to use the adal-node library, anyway. But as far as this proof-of-concept for this authentication case goes, that's the answer I came to.
So I tried this with my own app, the following command works (for me):
curl -vv -X GET https://api.powerbi.com/v1.0/myorg/datasets -H"Authorization: Bearer ey....qqqq"
BTW, the extra "v" after -v seems redundant.
So what I can conclude is that your application is missing the required permissions to call Power BI's APIs.
One thing you might try is grab one of our samples, create a new application in AAD for it, and then see if the authorization token works for it. Here's a good one to try: https://github.com/PowerBI/Integrate-a-tile-into-an-app
This is not an answer but one step forward in the debug process. I think the resource for which the token is requested should be "https://analysis.windows.net/powerbi/api". I've seen these in multiple references; one of them is linked below. Even after changing this, I still get a 403. As the OP mentioned, if we use the accessToken from the Power BI portal, everything works.
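One way to check the two points raised in this thread (the token must be issued for the Power BI resource, and a client-credentials token carries no user) is to decode the access token's claims before calling the API. This is an added example, not code from any of the posts; the function names, the sample tokens and the use of Dataset.ReadWrite.All as the required scope are assumptions made for illustration.

```javascript
// Decode-only diagnostic: the signature is NOT verified, so use this to
// explain a 403, never to make an authorization decision.
const POWER_BI_RESOURCE = "https://analysis.windows.net/powerbi/api";

function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// requiredScope is supplied by the caller (assumed value in the demo below).
function diagnosePowerBiToken(token, requiredScope) {
  const claims = decodeJwtPayload(token);
  const findings = [];
  if (claims.aud !== POWER_BI_RESOURCE) findings.push("wrong-audience");
  // Delegated (user) tokens carry a space-separated `scp` claim; tokens from
  // the client-credentials grant have no `scp` and no user identity.
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  if (scopes.length === 0) findings.push("app-only-token");
  else if (!scopes.includes(requiredScope)) findings.push("missing-scope");
  return { ok: findings.length === 0, findings, scopes };
}

// Constructed sample tokens: fake signature, made-up claim values.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "sig"].join(".");
}
const appOnly = makeSampleToken({
  aud: POWER_BI_RESOURCE, appid: "00000000-0000-0000-0000-000000000000" });
const delegated = makeSampleToken({
  aud: POWER_BI_RESOURCE, upn: "user@example.com",
  scp: "Dataset.Read.All Report.Read.All" });
const wrongAud = makeSampleToken({
  aud: "https://graph.windows.net", upn: "user@example.com", scp: "User.Read" });

for (const [name, tok] of Object.entries({ appOnly, delegated, wrongAud })) {
  console.log(name, diagnosePowerBiToken(tok, "Dataset.ReadWrite.All").findings);
}
```

Access tokens are credentials, so run a check like this locally rather than pasting a live token into an online decoder.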