Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
pkmelee337
New Member

Power BI Rest Api with the ADAL JS library

‎08-09-2017 06:29 AM

Hi,

 

In a web part I am creating (only JS) I am using the javascript ADAL library to authenticate users and retrieve access tokens. I have set up te correct registration in AD, found a report ID, ADAL config is correct with the right enpoint, client ID and I am retrieving the access token with the correct graph resource. So far, so good.

 

Now when I am trying to retrieve an embed report (using the npm powerbi-client package or via jquery post) I am getting the 403 (Forbidden) error. I tried googling stackoverflow and this forum, found some answers and all off them came back to the same solution: "add username and password to your login call".

 

Haven't tried it so far because it is not even possible to add it in the default adal js library (as far as I know), but in an javascript app this will for sure result in an security issue. Where do I store the username and password or does the user have to login every time he accesses the power bi web part?

 

Am I missing something and how do you guys handle this problem?

 

With kind regards,

Henk ter Harmsel

Labels:
Message 1 of 4
3,003 Views
0
1 ACCEPTED SOLUTION
Eric_Zhang
Employee
Employee

‎08-09-2017 08:20 PM
@pkmelee337 wrote:

Hi,

 

In a web part I am creating (only JS) I am using the javascript ADAL library to authenticate users and retrieve access tokens. I have set up te correct registration in AD, found a report ID, ADAL config is correct with the right enpoint, client ID and I am retrieving the access token with the correct graph resource. So far, so good.

 

Now when I am trying to retrieve an embed report (using the npm powerbi-client package or via jquery post) I am getting the 403 (Forbidden) error. I tried googling stackoverflow and this forum, found some answers and all off them came back to the same solution: "add username and password to your login call".

 

Haven't tried it so far because it is not even possible to add it in the default adal js library (as far as I know), but in an javascript app this will for sure result in an security issue. Where do I store the username and password or does the user have to login every time he accesses the power bi web part?

 

Am I missing something and how do you guys handle this problem?

 

With kind regards,

Henk ter Harmsel

@pkmelee337

Since this is not Azure AD forum, so we may not give you better support for ADAL JS library.

 

However I can still give you my two cents.

At first, please ensure that you've grant sufficient permissions to the registered app.

Secondly, based on my test, username and password are not mandatory. Based on my test, the accesstoken generated from authorization code approach can work to get the reports from Power BI.

You need.

1. send a GET request

https://login.windows.net/common/oauth2/authorize?client_id={client_id}
&response_type=code
&redirect_uri={redirect_uri of your registered app}

2. send a POST request

POST /common/oauth2/token HTTP/1.1
Host: login.windows.net
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 990496e9-1d11-7aa5-faf7-f3dc152e8beb

client_secret={client_secret}&client_id={client_id}&grant_type=authorization_code&resource=https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi&redirect_uri={redirect_uri}&code={code from above}

 

View solution in original post

Message 2 of 4
4,087 Views
3 REPLIES 3
Eric_Zhang
Employee
Employee

‎08-09-2017 08:20 PM
@pkmelee337 wrote:

Hi,

 

In a web part I am creating (only JS) I am using the javascript ADAL library to authenticate users and retrieve access tokens. I have set up te correct registration in AD, found a report ID, ADAL config is correct with the right enpoint, client ID and I am retrieving the access token with the correct graph resource. So far, so good.

 

Now when I am trying to retrieve an embed report (using the npm powerbi-client package or via jquery post) I am getting the 403 (Forbidden) error. I tried googling stackoverflow and this forum, found some answers and all off them came back to the same solution: "add username and password to your login call".

 

Haven't tried it so far because it is not even possible to add it in the default adal js library (as far as I know), but in an javascript app this will for sure result in an security issue. Where do I store the username and password or does the user have to login every time he accesses the power bi web part?

 

Am I missing something and how do you guys handle this problem?

 

With kind regards,

Henk ter Harmsel

@pkmelee337

Since this is not Azure AD forum, so we may not give you better support for ADAL JS library.

 

However I can still give you my two cents.

At first, please ensure that you've grant sufficient permissions to the registered app.

Secondly, based on my test, username and password are not mandatory. Based on my test, the accesstoken generated from authorization code approach can work to get the reports from Power BI.

You need.

1. send a GET request

https://login.windows.net/common/oauth2/authorize?client_id={client_id}
&response_type=code
&redirect_uri={redirect_uri of your registered app}

2. send a POST request

POST /common/oauth2/token HTTP/1.1
Host: login.windows.net
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 990496e9-1d11-7aa5-faf7-f3dc152e8beb

client_secret={client_secret}&client_id={client_id}&grant_type=authorization_code&resource=https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi&redirect_uri={redirect_uri}&code={code from above}

 

Message 2 of 4
4,088 Views
pkmelee337
New Member
In response to Eric_Zhang

‎08-16-2017 05:35 AM

Thank you very much for your reply. I found out my error with the ADAL library thanks to your code. I thought that the code received from the loging request was the same as the access token you're receiving from the get access token request. So my mistake was to always use the loging code token on the first request. Nevertheless the second time it was receiving the access token and that didn't work either. I also simplified the app registration in Azure, so that might have helped too. Will do some tests on that later on.

 

With kind regards,

Henk ter Harmsel

Message 3 of 4
2,962 Views
0
Yaostha
Helper II
Helper II
In response to pkmelee337

‎11-30-2017 08:41 PM

Hi,

   Could you share the sample code?

I am struggling to refer the ADAL.js properly in a webpart and getting accessToken.

 

Regards,

Yasotha

Message 4 of 4
2,650 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All