i'm using powerbi rest APIs in my react app.
for authentication I'm using copying static Azure Ad token (not an embed token) from their developers playground.
The token is only valid for an hour.
is there any way to dynamically generate it?
I tried to reproduce the same in my environment and got the results like below:
Based on your requirement you can add the API permissions:
I created an Azure AD Application and added API permission like below:
Offline_access API permission is required to generate the refresh token.
I generated the access token using below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:*****
scope:RoleManagement.ReadWrite.Directory
grant_type:authorization_code
redirect_uri:RedirectUri
code:code
To refresh the access token, I used below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
grant_type:refresh_token
refresh_token:refreshtoken
client_secret:*****
Reference:
Create a React single-page app that uses auth code flow - Microsoft Entra
Related
Need just hint, tried all possible ways.
Any approach is highly appreciated.
Problem statement: access jwt authenticated django rest api using azure ad access token in postman and local app. django app is hosted on azure app service.
Challenge: pass two token with different header values in authorisation header such that azure token is also reader with django jwt token.
A. All possible authorisation in postman.
B. Different authorization keys and header values in django jwt settings
I've deployed my django application on azure app service.
I'm using JWT authentication for all rest API's.
I've an azure directory and service principal linked to azure web app.
In postman,
I can get access token from azure active directory(using clientID, Secret, resource, etc.) and use the same token to call django rest api.
I can easily access unauthenticated API just by using azure access taken in authorization bearer header.
For JWT authenticated API, I'm not able to use them (crud operation) as none of my approach is working.
Azure access token header value : Bearer
Django JWT token header value: Bearer, Token, JWT.
---- EDIT ----
Django application will server as a backend to client applications. Thus client application have to generate azure token and provide while calling django app API. But django application API's are also authenticted with JWTAuthentication, thus 2 tokens have to provided.
Problem
Both Tokens have to be provided in 'Authorisation' key to use with HTTP_AUTHORISATION.
INFORMATION
JWT packages: simplt_jwt
simplt_jwt,django version: latest
client: react-js webapp, swift ios mobile app
resources: azure app service, azure active directory with service plan
django website is used as a backend for webapp and mobile app.
To elaborate, some images are added:
Need to use this architecture (api endpoint with jwt authentication):
Call an API with JWT authentication header value in (Bearer, Token, JWT), and have to provide Azure access token withheader value as (Bearer).
Both Tokens have to be provided in authorisation header.
[api endpoint with jwt authentication][1]
[1]: https://i.stack.imgur.com/y0Uvf.png
Called an API(wihout django JWT authentication) using only azure access token and was able to get response.
Correct me if I'm using some wrong approach.
Add another custom backend and verify your Azure token by its public key:
https://docs.djangoproject.com/en/4.1/topics/auth/customizing/
And add it next to your SimpleJWT auth backend.
In your settings.py file:
REST_FRAMEWORK = {
...
'DEFAULT_AUTHENTICATION_CLASSES': (
...
'rest_framework_simplejwt.authentication.JWTAuthentication',
# add your azure backend here
'your_app.auth_azure_backend.AzureAuthentication',
)
...
}
from django.contrib.auth.backends import BaseBackend
class AzureAuthentication(BaseBackend):
def authenticate(self, request, token=None):
azure_token = request.headers['AzureToken'] # you can use custom headers or just use `Authentication` with Bearer token. Django will go through every backend to verify it.
decoded = jwt.decode(azure_token, public_key, algorithms=["RS256"])
# return user instance based on decoded data from Azure
If you can decode without error that means your token is generated by Azure AD.
You can follow this question to get your public key https://learn.microsoft.com/en-us/answers/questions/793793/azure-ad-validate-access-token
So I found a solution, if wrong please provide feedback.
I have create an authentication class inheriting JWTAuthentication class. And reading custom headers in request.headers. this way I can provide multiple tokens in a request.
Actually, My application is hosted on azure app service. So have to authenticate send also application have some inbuilt authentication to manage user access, thus need token for the same.
I have a React app where I'm embedding a PowerBI service report with user-owns-data (aka embed-for-organization) method with the help of powerbi-client-React library. like follow.
<PowerBIEmbed
embedConfig = {{
type: "report", // Supported types: report, dashboard, tile, visual and qna
id: "281839f6-4971-4ad3rtt",
tokenType: models.TokenType.Aad
accessToken : "938orie90rekjd-9393"
....some more properties here....
/>
where, models object is imported from powerbi-client library, and <PowerBiEmbed/> from 'powerbi-client-react (dependency).
Currently to get that 'azure ad access token' what I'm doing is-
Signing into my PowerBI account
Going to the browser console, and doing copy(powerbiaccesstoken) and I get my token.
I go into my code and paste it there.
So, now the report is embedded in my React app for at least 1 hour, because that token is only valid for one hour. Thereafter it shows a prompt for the user to sign in with their PowerBI credentials.
Now I have to sign into my PowerBI account again, copy the AAD token, and paste it into my code.
I have a dedicated PowerBI Pro account whose credentials can be used in creating access tokens.
Is there a way for me to do this without copying the token repeatedly? And some JavaScript code on either front-end or back-end do this for me before the access token really expires?
And some javascript code on either front-end or backend do this for me before the access token really expires?
Yes. This must be done from the back-end, as you can't expose the master user credentials to the client. Follow the docs here to get the access token for your master user, and create the embed token from a back-end service.
I would like to send an email on behalf of a user using Postman (Office 365). I have the email id and password of that account. After doing some research, I have found that I need to login, using a browser, to get the authorization code and then I can perform the next steps from Postman (getting the access token and using the Microsoft Graph Explorer) to send the email.
I would like to get the authorization code using Postman (not browser). I tried and got the following error (which is what should come the way I have requested the API)-
In short, I want to send email from Graph API using a REST client like Postman (right from authorization to sending email). Is this possible?
(I have already read these documents but did not help me get there-
https://developer.microsoft.com/en-us/graph/docs/concepts/rest
Accessing Microsoft Graph API without using login page
Automatically Log-In To Office 365
)
Yes, it is very possible, in fact, you can use all of the Microsoft Graph API from Postman or any other program which can make HTTP requests.
All you need to do is to get access token to use in your requests to the Graph API, and there at least 4 ways which allow you to do so without user interaction. But the process requires some preparation since you need to create an OAuth App in order to be able to use the Graph API.
Since I had to do the same myself and it wasn't easy to collect all the bits of information necessary, I've written a full guide on this subject including Postman examples:
Getting Access Token for Microsoft Graph Using OAuth REST API
In large you need to do the following steps:
Register OAuth App
Configuring App Permission
Use one of the following flows, depending on the information you have:
Flow 1: Get Access Token from Client Credentials (Client credentials Grant)
Flow 2 – Get Access Token From Client & User Credentials (Resource Owner Credentials Grant)
Flow 3 – Get Access Token From Refresh Token (Refresh Token Grant)
Flow 4 – Get Access Token From Another Access Token (On-Behalf-Of Grant)
Use the access token in requests to Microsoft Graph API
All of those steps are explained in the article.
I am trying to get my ( OWN ) ad accounts data using facebook insights api. the very first step is getting access token. until now i was using access token generated by graph api explorer by extending it lifetime manually. now what is the programmatic way of getting access token. i have referred this documntation https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
This is only possible when i am using some sort of front-end or browser interface to open up login dialog but i am using a python script. its not possible to open up the login dialog. ho do i get my access token .
as far as i understand login dialog popu up when using user access token. i think i need to use app access token . are both same?
Follow the step here:
https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
You can get the access token through the sample code
But reminded that because this request uses your app secret, it must never be made in client-side code or in an app binary that could be decompiled.
I'm developing a site for a non-profit. I'm building it as an express app hosted on heroku that needs access to the non-profits facebook group events.
I'm able to grab all the group's events in the graph api explorer. But I'm very confused as to what api token I need.
What facebook api token do I need to provide my webapp so it can access a random group's events listing?
Probably the app access token from the application requesting the information. The access token can be created by linking your application ID and your application secret together like so:
APP_ID | APP_SECRET
No spaces between though, just provided them for clarity.
PHP example:
$app_access_token=$app_id."|".$app_secret;
Then just append the access token to your request and it should work.
You want to use an app token. Easiest method is to create an app, then submit a get request with your app_id concatenated with your app secret.
Like so curl https://graph.facebook.com/v2.1/endpoint?key=value&access_token=app_id|app_secret note that https is required. https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
Note this only works for endpoints that don't need user credentials e.g. public groups https://developers.facebook.com/docs/graph-api/reference/v2.1/group/ However group/events does need a user access token https://developers.facebook.com/docs/graph-api/reference/v2.1/group/events