Currently I am getting Power BI Report from Power BI services with access token and embedding this report into IFrame using Azure AIDL Authentication.
Using this Java Library I am getting an JWT access token and fetching into my Power Bi report.
Below are the problems with this approach:
1) Access token has a short validity of 60 mins. and after that I fetch new access token using refresh token.
2) But the refresh token itself has a validity of 14 days and after that I need to manually log in and update the refresh token manually.
I want to avoid manual log in and wondering if there is any way to make this automatic.
Any suggestions would be appreciated.
Related
I have a React app where I'm embedding a PowerBI service report with user-owns-data (aka embed-for-organization) method with the help of powerbi-client-React library. like follow.
<PowerBIEmbed
embedConfig = {{
type: "report", // Supported types: report, dashboard, tile, visual and qna
id: "281839f6-4971-4ad3rtt",
tokenType: models.TokenType.Aad
accessToken : "938orie90rekjd-9393"
....some more properties here....
/>
where, models object is imported from powerbi-client library, and <PowerBiEmbed/> from 'powerbi-client-react (dependency).
Currently to get that 'azure ad access token' what I'm doing is-
Signing into my PowerBI account
Going to the browser console, and doing copy(powerbiaccesstoken) and I get my token.
I go into my code and paste it there.
So, now the report is embedded in my React app for at least 1 hour, because that token is only valid for one hour. Thereafter it shows a prompt for the user to sign in with their PowerBI credentials.
Now I have to sign into my PowerBI account again, copy the AAD token, and paste it into my code.
I have a dedicated PowerBI Pro account whose credentials can be used in creating access tokens.
Is there a way for me to do this without copying the token repeatedly? And some JavaScript code on either front-end or back-end do this for me before the access token really expires?
And some javascript code on either front-end or backend do this for me before the access token really expires?
Yes. This must be done from the back-end, as you can't expose the master user credentials to the client. Follow the docs here to get the access token for your master user, and create the embed token from a back-end service.
i'm using powerbi rest APIs in my react app.
for authentication I'm using copying static Azure Ad token (not an embed token) from their developers playground.
The token is only valid for an hour.
is there any way to dynamically generate it?
I tried to reproduce the same in my environment and got the results like below:
Based on your requirement you can add the API permissions:
I created an Azure AD Application and added API permission like below:
Offline_access API permission is required to generate the refresh token.
I generated the access token using below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:*****
scope:RoleManagement.ReadWrite.Directory
grant_type:authorization_code
redirect_uri:RedirectUri
code:code
To refresh the access token, I used below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
grant_type:refresh_token
refresh_token:refreshtoken
client_secret:*****
Reference:
Create a React single-page app that uses auth code flow - Microsoft Entra
I am able to use this REST API call to set datasource credentials in Power BI with an OAuth2 access token. e.g.,
{
"credentialDetails": {
"credentialType": "OAuth2",
"credentials": "{\"credentialData\":[{\"name\":\"accessToken\", \"value\":\"eyJ0....fwtQ\"}]}",
"encryptedConnection": "Encrypted",
"encryptionAlgorithm": "None",
"privacyLevel": "None",
"useEndUserOAuth2Credentials": "False"
}
}
When I do this, the access token is short-lived and expires in an hour. After that, Power BI can no longer connect to the datasource.
What I don't understand is why when I log in to my datasource with the Power BI service through a browser, somehow the credential doesn't seem to expire; Power BI can still refresh the data hours later.
My Question: How can I use the REST API to replicate, programmatically, what happens when I provide my datasource credentials to the Power BI Service through my browser?
When you configure connection interactively Power BI gets both an access token and a refresh token.
The API does not support doing that, but you can vote for the idea to help prioritize the feature.
We have a requirement to fetch data from a rest api into powerbi and schedule a refresh every night. The rest api support jwt authentication so it needs header with xapikey and access token.
I have managed to write a function in power query to get access token from our auth endpoint and able to inject access token for the rest api call and it works fine with powerbi-desktop. I have published the report to powerbi cloud.
The auth endpoint require username and password, we would not like to store this details in .pbix file and publish to cloud but instead use azure key vault and powerbi to fetch details at runtime.
Please advise ?
Power Automate has a great Azure Vault connector.
You could make a simple 3-action flow:
A post to that URL will json back the secret/credentials.
Now, here is the goofy part - hide that URL in a permissioned location (Onedrive, Sharepoint, etc). Have your pbi pickup from that location, using privileged credentials. Now the URL and the credentials get picked up at runtime, and neither is persisted in PBIX.
I am assuming that there is an available premium PAutomate env in which to spin up that flow, of course. But, given that you already have an azure vault, that seems like a standard PBI+ toolkit to have at that point.
Trying to embed Power BI dashboard into our Angular application. The issue is that we're getting the ID token instead of access token. Moreover, there's a cross origin issue as well. If we get the token from postman and embed in a sample web page, it works but when we call it within our application, it doesn't work. It give the following error:
ERROR:
Error: Uncaught (in promise): Object: {"message":"LoadReportFailed","detailedMessage":"Fail to initialize - Could not resolve cluster","errorCode":"403","level":6,"technicalDetails":
{"requestId":"cde7a17e-5baa-454c-8e8b-72e5b9f1307e"}}
Any help would be highly appreciated.
Granted all permissions on the app created on azure. Used implicit grant.
Need the access token instead of ID token.
Accordin the official troubleshooting guide, this error means that "Embed type doesn't match token type". So this probably is a bug in your code. In Embed Configuration Details check the value of tokenType property. It can be either AAD or Embed. Make sure it matches the type of the token, that you provided in accessToken property.
AAD tokens are acquired when authenticating against Azure AD (usually by calling some AcquireTokenAsync method). You can use them to access all reports that your user has access to, and to make Power BI REST API calls.
Embed tokens are acquired by calling GenerateTokenInGroup or other similar method. They are valid for a specific object (e.g. only this one report) and are the recommended way to embed Power BI elements in your application, but they require a capacity (Power BI Premium or Embedded) assigned to your workspace.