I'm working on BI Publisher web service.
first, I call the login() with user name and password to get the TOKEN;
then, I call other insession methods with the TOKEN
My question is:
By default, how long the TOKEN will expire? This is a configuration in BI Publisher?
Thanks
There is a file called web.xml somewhere in your BI Publisher install tree. Per the Oracle blog post, it's found at:
\applications\xmlpserver\xmlpserver\WEB-INF\web.xml
However, on my BI Publisher Trial Edition installation, it's found at:
\bip\server\wls\user_projects\applications\bipdomain\xmlpserver\WEB-INF\web.xml
Thus, you may need to do a bit of searching to find it. Wherever it is, you want to find this tag combination:
<session-config>
<session-timeout>20</session-timeout>
</session-config>
The value of session-timeout is measured in minutes.
Related
We have a requirement to fetch data from a rest api into powerbi and schedule a refresh every night. The rest api support jwt authentication so it needs header with xapikey and access token.
I have managed to write a function in power query to get access token from our auth endpoint and able to inject access token for the rest api call and it works fine with powerbi-desktop. I have published the report to powerbi cloud.
The auth endpoint require username and password, we would not like to store this details in .pbix file and publish to cloud but instead use azure key vault and powerbi to fetch details at runtime.
Please advise ?
Power Automate has a great Azure Vault connector.
You could make a simple 3-action flow:
A post to that URL will json back the secret/credentials.
Now, here is the goofy part - hide that URL in a permissioned location (Onedrive, Sharepoint, etc). Have your pbi pickup from that location, using privileged credentials. Now the URL and the credentials get picked up at runtime, and neither is persisted in PBIX.
I am assuming that there is an available premium PAutomate env in which to spin up that flow, of course. But, given that you already have an azure vault, that seems like a standard PBI+ toolkit to have at that point.
I'm building a custom Power BI DataConnector which uses OAuth. I'm following the github example. But this stores client credentials (required for the 'code flow' in OAuth) as plain text files. Is there a secure alternative to this ?
Unfortunately due to the current "state of the art" there is no way to securely protect these credentials according to Microsoft staffer Curt Hagenlocher:
There is no way to protect a secret on someone's desktop. That's why some OAuth providers (like AAD) support a "native app" mode where there's a client id but no secret. The most recent development in this space is PKCE, and we're aiming to have sample code for that later this year.
In principle, a secret could be supplied separately for service use -- and I'd like to see us do that some day -- but there's a lot of infrastructure which would need to be created to support that.
I suggested encryption of the module itself and Curt's response was that this too would be ineffective:
All someone needs to do is have Fiddler running and they can see
exactly what secret is being sent to the token endpoint.
Full conversation:
https://github.com/microsoft/DataConnectors/issues/298
I am new to Power BI, and starting to use the "From Web" data source. It works great.
But where do I save tokens, so I don't have to provide them as plain-text in every web connection?
I don't seem to find any documentation on variables to do this.
First step is to create a token parameter:
Now open the Advanced Editor, and refrence the token param from above:
In my case, the headers section uses the bearer token pattern:
[Headers=[Authorization="Bearer " & token]]
And ready to roll :)
I have an issue with the scheduled refresh function in Power BI. I have published a PBIX file to the web environment of Power BI. As with other PBIX files, I set the scheduled refresh via the on-premises gateway. My PBIX file has data from several sources (MySQL, OData, other Web connectors).
Setting up and connecting the MySQL source to scheduled refresh (via the gateway) works fine. However, when trying to connect the OData source to the gateway, this fails. The message shows that credentials are invalid, "AccessUnauthorized". However, via PBI Desktop there is no need for me to use credentials (as access is via Anonymous, with an API key "Bearer .........").
The following settings are used (in the gateway setup tab):
Type of source: OData
URL: https://tcodata.azurewebsites.net/estimates
Authentication method: Anonymous
Privacy-settings: None
The following code is used in PBI Desktop:
let
apiUrl = "https://tcodata.azurewebsites.net/estimates",
Source = OData.Feed(apiUrl , null, [Implementation="2.0", Headers = #"Authorization"=Text.From(ApiKey)]])
in
Source
The API key refers to ApiKey = Bearer ........(key here)
No real authentication is needed, because it is accessed as Anonymous. However, when setting the scheduled refresh, this does not work (as credentials are said to be invalid).
Help is much appreciated, thanks!
The question was answered on the PowerBI forum:
When refreshing odata source in Power BI service, with the power query code as yours, you don't need to add it under the on-premise gateway, just go to "data setting"->"schedule refresh"->edit credential for that odata source, select "anonymous".
Source
Currently I am getting Power BI Report from Power BI services with access token and embedding this report into IFrame using Azure AIDL Authentication.
Using this Java Library I am getting an JWT access token and fetching into my Power Bi report.
Below are the problems with this approach:
1) Access token has a short validity of 60 mins. and after that I fetch new access token using refresh token.
2) But the refresh token itself has a validity of 14 days and after that I need to manually log in and update the refresh token manually.
I want to avoid manual log in and wondering if there is any way to make this automatic.
Any suggestions would be appreciated.