cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
hsheikhali Frequent Visitor
Frequent Visitor

Cannot get access token.

Hello Guys,

 

I am having trouble getting a response with the access token. Here is the error I am getting after registering my native app.

 

{
"error": "invalid_grant",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\nTrace ID: cf7bc173-6506-48cb-8729-0258325c9800\r\nCorrelation ID: cf2c4bad-1b0f-40be-bfc3-32a29b1b8551\r\nTimestamp: 2018-09-13 20:42:53Z",
"error_codes": [
70002,
50126
],
"timestamp": "2018-09-13 20:42:53Z",
"trace_id": "cf7bc173-6506-48cb-8729-0258325c9800",
"correlation_id": "cf2c4bad-1b0f-40be-bfc3-32a29b1b8551"
}

 

Can I get some pointers? I registered the app and made sure I gave the proper permissions..

1 ACCEPTED SOLUTION

Accepted Solutions
hsheikhali Frequent Visitor
Frequent Visitor

Re: Cannot get access token.

Here is my solution:

 

const axios = require('axios');
const adal = require('adal-node');


const getAccessToken = () => {
  const config = {
    username: 'Your Username',
    password: 'Your Password',
    clientId: 'Your Client ID',
    resource: 'https://analysis.windows.net/powerbi/api'
  }

  const authority = 'https://login.microsoftonline.com/Your Tenant'; 
  // Tenant can be found in the Azure Portal.
  // When you access Azure AD, it should show your the name of your tenant.
  // Don't have a link but you can figure out where to get this with some googling.


  let context = new adal.AuthenticationContext(authority, true)
  const callback = (err, accessToken) => {
    if (!err) {
      console.log(accessToken.accessToken); // Returns access token.
      makeApiCall(accessToken.accessToken); --> This is my actual API call.
    } else {
      console.log(err);
    }
  }
  context.acquireTokenWithUsernamePassword(
    config.resource,
    config.username,
    config.password,
    config.clientId,
    callback
  );
}

const makeApiCall = (token) => {
  const config = {
    headers: {
      'Authorization': "Bearer " + token,
      'Content-Type': 'application/x-www-form-urlencoded',
      'Accept': 'application/json'
    }
  };

// These options are only used when generating a embedToken.
//{ //accessLevel:"View", //allowSaveAs:"false" //}, const url = 'https://api.powerbi.com/v1.0/myorg/groups/5cfa7118-e1eb-4008-afe7-239e5286b9f1/reports/'; axios.get(url, config) .then(response => { let result = response.data; console.log(result); }) .catch(err => { console.log(err); console.log(err.response.status); console.log(err.response.statusText); }) } getAccessToken();
12 REPLIES 12
ericleigh007 Regular Visitor
Regular Visitor

Re: Cannot get access token.

most likely need to see your outgoing packet to figure that out, and what code you're using would also help.

 

Obviously the erorr says invalid username or password, but it could be that they're there and correct but not in the correct format.

 

In .NET Core, I'm doing this:

            string authBody = $@"
			grant_type = password
			&resource ={WebUtility.UrlEncode(resourceString)}
			&username ={WebUtility.UrlEncode(username)}
			&password ={WebUtility.UrlEncode(password)}
			&client_id ={clientId}
            &client_secret={ WebUtility.UrlEncode(secret)}";
hsheikhali Frequent Visitor
Frequent Visitor

Re: Cannot get access token.

I plan on getting all the required data to make an API call to the PBI REST Apis for embedded purposes using JavaScript. Right now I am using Postman to get a feel for where to start. Unfortunately I cannot use .NET since I will be unable to run the server side code on our architecture as of right now. I has to be in JS.

hsheikhali Frequent Visitor
Frequent Visitor

Re: Cannot get access token.

Here is what I my post body looks like and the url im hitting.

 

mypostcall.png

ericleigh007 Regular Visitor
Regular Visitor

Re: Cannot get access token.

I'm using this authority URL

https://login.windows.net/{tenantID}/oauth2/token

Where {tenantID} is my AAD tenant.  I believe that /common/ works as well, but without tenantID some of the context of one's tenant may be lost.  Samples I've seen recommend the authority URL format I'm using.

 

Also, you may have noticed that my body also includes the client secret.  I think without the client secret, the information will be invalid.  If you run fiddler, do you see any additional infomation about the error?

 

I hope this info gets you there.

 

-thanks

-e

 

hsheikhali Frequent Visitor
Frequent Visitor

Re: Cannot get access token.

This may be a beginner question -- but where do I get the tenant id and client secret? I thought client secret was only for the server side option not the native one?

ericleigh007 Regular Visitor
Regular Visitor

Re: Cannot get access token.

The problem isn't that we're on the client side or the server side, but whether we can support having the user enter credentials.  I'm not able to support that in my circumstance (which is a use from an Azure function).

 

So, if you can support the user entering username and password, you may be able to get away with something else.  Sorry, I have not tested those scenarios.

 

In that case, I might start with something like this from Github.

https://github.com/AzureAD/azure-activedirectory-library-for-js

 

Obviously, if you do have a client-side scenario, security is important -- you cannot have client secrets and passwords floating around in the app.

 

Sorry I couldn't help more, but my usage doesn't seem as if it is like yours.

 

Good luck.

-e

hsheikhali Frequent Visitor
Frequent Visitor

Re: Cannot get access token.

That's fine thanks for the help. I am still experiencing the same error and fiddler doesn't show me anything different. I might move to a node solution but I need to know how I can get an access_token.. Or why I am seeing that error when I've registered my app. Doesn't make sense to me 

hsheikhali Frequent Visitor
Frequent Visitor

Re: Cannot get access token.

Okay I figured it out!! I wasn’t passing the parameters properly to get the accessToken. Now I got the tolen just fine and realized i dont have the appropriate permission on the app in AAD to get the embedcode

For those curious I used ADAL with node to get the access token
ericleigh007 Regular Visitor
Regular Visitor

Re: Cannot get access token.

just to close the loop, you should share your solution here.  

 

The purpose of these forums assist with people who are having a problem, and they come to see the solution.

 

I'm sure sharing a few lines of code will help somebody and they won't have to wait for an answer.

 

-thanks

-e