Trying to embed Power BI dashboard into our Angular application. The issue is that we're getting the ID token instead of access token. Moreover, there's a cross origin issue as well. If we get the token from postman and embed in a sample web page, it works but when we call it within our application, it doesn't work. It give the following error:
ERROR:
Error: Uncaught (in promise): Object: {"message":"LoadReportFailed","detailedMessage":"Fail to initialize - Could not resolve cluster","errorCode":"403","level":6,"technicalDetails":
{"requestId":"cde7a17e-5baa-454c-8e8b-72e5b9f1307e"}}
Any help would be highly appreciated.
Granted all permissions on the app created on azure. Used implicit grant.
Need the access token instead of ID token.
Accordin the official troubleshooting guide, this error means that "Embed type doesn't match token type". So this probably is a bug in your code. In Embed Configuration Details check the value of tokenType property. It can be either AAD or Embed. Make sure it matches the type of the token, that you provided in accessToken property.
AAD tokens are acquired when authenticating against Azure AD (usually by calling some AcquireTokenAsync method). You can use them to access all reports that your user has access to, and to make Power BI REST API calls.
Embed tokens are acquired by calling GenerateTokenInGroup or other similar method. They are valid for a specific object (e.g. only this one report) and are the recommended way to embed Power BI elements in your application, but they require a capacity (Power BI Premium or Embedded) assigned to your workspace.
Related
I have a React app where I'm embedding a PowerBI service report with user-owns-data (aka embed-for-organization) method with the help of powerbi-client-React library. like follow.
<PowerBIEmbed
embedConfig = {{
type: "report", // Supported types: report, dashboard, tile, visual and qna
id: "281839f6-4971-4ad3rtt",
tokenType: models.TokenType.Aad
accessToken : "938orie90rekjd-9393"
....some more properties here....
/>
where, models object is imported from powerbi-client library, and <PowerBiEmbed/> from 'powerbi-client-react (dependency).
Currently to get that 'azure ad access token' what I'm doing is-
Signing into my PowerBI account
Going to the browser console, and doing copy(powerbiaccesstoken) and I get my token.
I go into my code and paste it there.
So, now the report is embedded in my React app for at least 1 hour, because that token is only valid for one hour. Thereafter it shows a prompt for the user to sign in with their PowerBI credentials.
Now I have to sign into my PowerBI account again, copy the AAD token, and paste it into my code.
I have a dedicated PowerBI Pro account whose credentials can be used in creating access tokens.
Is there a way for me to do this without copying the token repeatedly? And some JavaScript code on either front-end or back-end do this for me before the access token really expires?
And some javascript code on either front-end or backend do this for me before the access token really expires?
Yes. This must be done from the back-end, as you can't expose the master user credentials to the client. Follow the docs here to get the access token for your master user, and create the embed token from a back-end service.
i'm using powerbi rest APIs in my react app.
for authentication I'm using copying static Azure Ad token (not an embed token) from their developers playground.
The token is only valid for an hour.
is there any way to dynamically generate it?
I tried to reproduce the same in my environment and got the results like below:
Based on your requirement you can add the API permissions:
I created an Azure AD Application and added API permission like below:
Offline_access API permission is required to generate the refresh token.
I generated the access token using below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:*****
scope:RoleManagement.ReadWrite.Directory
grant_type:authorization_code
redirect_uri:RedirectUri
code:code
To refresh the access token, I used below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
grant_type:refresh_token
refresh_token:refreshtoken
client_secret:*****
Reference:
Create a React single-page app that uses auth code flow - Microsoft Entra
Currently I am getting Power BI Report from Power BI services with access token and embedding this report into IFrame using Azure AIDL Authentication.
Using this Java Library I am getting an JWT access token and fetching into my Power Bi report.
Below are the problems with this approach:
1) Access token has a short validity of 60 mins. and after that I fetch new access token using refresh token.
2) But the refresh token itself has a validity of 14 days and after that I need to manually log in and update the refresh token manually.
I want to avoid manual log in and wondering if there is any way to make this automatic.
Any suggestions would be appreciated.
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.
I'm using the Graph Explorer, and I'm choosing my application from the Application Drop Down List.
I'm having to access this photo https://graph.facebook.com/399744030064153.
When i choose the application, facebook automatically the access token for the app and I'm being able to view the photo details.
However, in my php application, when i do
$access_token=$facebook->getAccessToken();
$photoObj=$facebook->api("https://graph.facebook.com/399744030064153?access_token=$access_token");
Its not working, from what i know, the access token is wrong because I'm trying to echo the access token and I check it. Thus, the problem is the access token
Does someone has an idea??
The Graph API explorer automatically generates a user access token, which gives the app the ability to act on a user's behalf. - in this case, your own account.
The getAccessToken() method in the SDK, if used standalone (i.e not as part of the documented Auth flow) will return an App Access Token, which although usable with the API won't be able to view any content unless it's Publicly visible