Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Phil0001
Regular Visitor

AADSTS50001 - Specify resource_id in www-authenticate response header?

‎12-12-2017 02:20 PM

We are connecting to an API to get data.

 

Authentication is via AAD and this is working successfully since we added the www-authenticate response header identifying the authorization url:

e.g.

WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/xyz/oauth2/authorize

 

However, we then get the AADSTS50001 error "The application named X was not found in the tenant named Y". In fact the resource we are targetting *does* exist, it is just named differently. (The AAD application name does not match the API endpoint domain name as seems to be expected\assumed).

 

If we create an AAD application with the assumed name (https://api.xxx.co.nz) we can get it to work and return data, but that's just a cumbersome workaround.

 

Can we specify the resource_id in the www-authenticate response header along with the authorization_uri, something like this:

 

Bearer authorization_uri=https://login.microsoftonline.com/xyz/oauth2/authorize, resource_id=https://xxx.dev.yyy.co.nz

 

 

Labels:
Message 1 of 7
1,995 Views
6 REPLIES 6
Anonymous
Not applicable

‎09-08-2020 11:35 AM

Hi, All,

 

I have similar problem. Is there any solution to it?

 

Thanks.

Message 7 of 7
1,307 Views
0
Anonymous
Not applicable

‎07-03-2020 05:20 AM

Hey, 
I have the same problem, somebody resolve this problem?

 

Cheers,

M

Message 6 of 7
1,356 Views
0
Eric_Zhang
Employee
Employee

‎12-14-2017 01:43 AM
@Phil0001 wrote:

We are connecting to an API to get data.

 

Authentication is via AAD and this is working successfully since we added the www-authenticate response header identifying the authorization url:

e.g.

WWW-Authenticate: Bearer authorization_uri=https://login.microsoftonline.com/xyz/oauth2/authorize

 

However, we then get the AADSTS50001 error "The application named X was not found in the tenant named Y". In fact the resource we are targetting *does* exist, it is just named differently. (The AAD application name does not match the API endpoint domain name as seems to be expected\assumed).

 

If we create an AAD application with the assumed name (https://api.xxx.co.nz) we can get it to work and return data, but that's just a cumbersome workaround.

 

Can we specify the resource_id in the www-authenticate response header along with the authorization_uri, something like this:

 

Bearer authorization_uri=https://login.microsoftonline.com/xyz/oauth2/authorize, resource_id=https://xxx.dev.yyy.co.nz

 

 

@Phil0001

What API is connected to get data? You description is confusing as it seems to have nothing to do with Power BI. Since your question is more related to Azure AD, for better response, I'd suggest you post in the dedicated Azure AD forum.

Message 2 of 7
1,960 Views
0
Phil0001
Regular Visitor
In response to Eric_Zhang

‎12-14-2017 11:15 AM

@Eric_Zhang

Hi,
It is related to Power BI Desktop accessing an OAuth protected API but seemingly providing no way for us to specify the OAuth resource.

 

We can get authentication working by sending the authorization_url in the www-authenticate response header, but we cannot specify the OAuth resource to target so accessing the API ultimately fails after authentication.

 

We have no trouble with AAD generally but when accessing our API's through Power BI Desktop we have a lot of trouble, hence my question is here!

 

So,
I have captured in Fiddler the request sent by pbidesktop.exe to login.microsoftonline.com. As you can see the 'resource' is hardcoded as the API we are accessing. (I've separated parameters for clarity). This 'resource' is not correct and is what is causing the issue.

To reiterate, this is POWER BI crafting this HTTP request and sending it to the specified authorization_url but also adding a few parameters of it's own, some of which we really need to specify somehow - 'resource':
 
GET https://login.microsoftonline.com/dev2.onmicrosoft.com/oauth2/authorize
?state=9d21fd
&display=popup
&client_id=a672
&redirect_uri=https://de-users-preview.sqlazurelabs.com
&resource=https://myapi.dev.domain.co.nz <----WRONG, BUT WE CANNOT CHANGE?
&response_type=code
&prompt=select_account
&scope=user_impersonation
&mkt=en-US

 

How do we specify to Power BI the actual OAuth 'resource' we are targetting - either through the UI for accessing web data, or in the www-authenticate response header we send from our API?

 

e.g.

www-authenticate: Bearer authorization_uri=https://login.microsoftonline.com/xyz/oauth2/authorize, resource_id=https://xxx.dev.yyy.co.nz

 

 

 

Message 3 of 7
1,946 Views
Phil0001
Regular Visitor
In response to Phil0001

‎01-07-2018 01:24 PM

@Eric_Zhang

got any ideas?

 

Ta

 

Message 4 of 7
1,905 Views
0
lars_k
Advocate I
Advocate I
In response to Phil0001

‎07-09-2019 06:08 AM

@Phil0001 Were you ever able to get this working?
@Eric_Zhang I have the same problem. We could really use some help here! Thanks!

Message 5 of 7
1,545 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All