Christy
Frequent Visitor

Embedded JavaScript (Angular 4) unable to get bearer token from HTTP POST - Error: CORS/[AADSTS90014]

Hello All;

I have been trying for a while to get an embedded solution to work, as a proof of concept. But I am struggling with the Http requests.

 

This is trying to follow the "App owns data" "example".

https://docs.microsoft.com/en-us/power-bi/developer/embed-sample-for-customers

I have created a Native application. I have given it the correct permissions, I used a global admin account, and I granted permissions within Azure Portal.

 

The following method works fine within Postman (i.e. all the correct information is given). https://community.powerbi.com/t5/Developer/How-To-Get-embed-token-using-Get-Post-only/td-p/294475

 

However it fails when I try to call the first request (/oauth2/token) with Javascript. All parameters are identical, I have double and triple checked them. 

 

My code is as follows:

 

getAccessToken(Password): string{
    const url = "https://login.windows.net/{tenantID}/oauth2/token";
    const headers = new HttpHeaders( {
        "Content-Type": "application/x-www-form-urlencoded"
    });
    const requestBody = {
        "grant_type": "password",
        "scope": "openid",
        "resource": "https://analysis.windows.net/powerbi/api",
        "client_id": this.getClientID(),
        "username": this.getUsername(),
        "password": Password
    }
    var accessTokenRequestReponse = this.httpClient.post(url, requestBody, {headers: headers}).subscribe(
        (reponse) => {
            console.log(reponse)
            console.log(reponse['access_token'])
        },
        (error) => {console.log(error)}
    )
    return("");
}
 
 
I have tried this endpoint with variations of the url, ie
https://login.windows.net/{tenantID}/oauth2/v2.0/token
https://login.windows.net/common/oauth2/v2.0/token
https://login.windows.net/{tenantID}/oauth2/token
https://login.windows.net/common/oauth2/token
https://login.microsoftonline.com/common/oauth2/token
https://login.microsoftonline.com/{tenantID}/oauth2/token
 
All of these are the same: they fail in JS, yet work in Postman.
 
Initially the error was CORS. However, I spun up a website on Azure and put a build there, and the issue persisted (i.e. not due to localhost). I had listed all URLs (http:localhost:4200/powerBI and https://mywebsite.azure.net) in the redirect section of the Azure native app. I also set the allow implicit flow to true, in the manifest.
 
I used the following Chrome extension to allow CORS requests.
I found this on one of the posts on this forum, but I currently can't find it again.
 
Once this is active to allow the CORS requests, I get a 400 (Bad request) error on my request.
I get the following information in the error:
 
error:"invalid_request"
error_codes:[90014]
error_description:"AADSTS90014: The request body must contain the following parameter: 'grant_type'.
↵Trace ID: c4ce24c7-{...}d00
↵Correlation ID: 21a2c8d0-{...}87
↵Timestamp: 2018-04-26 {...}"
When I examine this in the Network section of Chrome, I find that the call has "grant_type" in it.
 
 
Request Headers:
 
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 260
Content-Type: application/x-www-form-urlencoded
Host: login.windows.net
Origin: http://evil.com/ #Note this is from that Chrome extension
Referer: http://localhost:4200/powerBI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
 
Form Data:
{
  "grant_type":"password",
  "scope":"openid",
  "resource":"https://analysis.windows.net/powerbi/api",
  "client_id":"{clientID}",
  "username":"{username}@{tenant}.onmicrosoft.com",
  "password":"{password}",
  "tenant":"{tenant}.onmicrosoft.com"
}: 
 
I believe this is meant to be the implicit flow, but I can't find anything on the documentation page on this call, and the other pages all seem to revolve around redirecting the user to the Microsoft login page and then redirecting back to the application, which defeats the goal of the "App owns data" as I want to display to non-Power BI users.
 
 
Apologies for the long post. And many thanks to anyone who read it/has any advice.

Kind Regards
Christy
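
Added example, not part of the original post: the Form Data capture above shows the whole request as one JSON string followed by `:`, which is how a form-urlencoded parser reads a JSON body. The sketch below reproduces that with constructed placeholder values; `missingParams` and its required-field list are hypothetical helpers, and no request is sent.

```javascript
// Constructed sample request; every value below is a placeholder.
const tokenRequest = {
  grant_type: "password",
  scope: "openid",
  resource: "https://analysis.windows.net/powerbi/api",
  client_id: "00000000-0000-0000-0000-000000000000",
  username: "user@example.onmicrosoft.com",
  password: "placeholder-password",
};

// Body produced when a plain object is handed to Angular's HttpClient.post():
// objects are serialized with JSON.stringify, whatever Content-Type header is set.
function asJsonBody(fields) {
  return JSON.stringify(fields);
}

// Body that application/x-www-form-urlencoded actually requires: key=value
// pairs joined by "&". In Angular, an HttpParams body or a pre-encoded string
// is sent in this form.
function asFormBody(fields) {
  return new URLSearchParams(fields).toString();
}

// Read a body the way a form-urlencoded receiver does: split on "&" and "=".
function parseAsForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Hypothetical pre-flight check: which expected parameters would a
// form-urlencoded receiver fail to find in this body?
function missingParams(body, required = ["grant_type", "client_id", "resource"]) {
  const seen = new URLSearchParams(body);
  return required.filter((name) => !seen.has(name));
}

const jsonBody = asJsonBody(tokenRequest);
const formBody = asFormBody(tokenRequest);

// The JSON body parses as ONE key (the entire JSON text) with an empty value,
// matching the "{ ... }:" shown under Form Data in the Network tab.
console.log(Object.keys(parseAsForm(jsonBody)).length, missingParams(jsonBody));
console.log(Object.keys(parseAsForm(formBody)).length, missingParams(formBody));
```

This covers only the AADSTS90014 body-format error; the CORS rejection is enforced by the browser separately and is unaffected by how the body is encoded.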
 
 
 
3 REPLIES
v-micsh-msft
Employee

I will do some further research on this part.

There might be some time delay before I can respond with any helpful points.

 

Regards,

Michael

Thank you.

Any help is greatly appreciated.

 

Regards
Christy

Hi Christy,

 

Did you resolve your issue?

Because we are stuck at the same point.

 

Many thanks for your help.

 

Nuno.
