cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
CamStillHere
Regular Visitor

Is it possible to use an API Bearer to load a report preauthenticated

I have a rest application with Power BI. I upload a dataset and generate a report.

After the report is uploaded I would like to show the user the report. They have already authenticated to use my REST code... and I have that bearer. Is there any way to show the report without prompting the user to authenticate again? 

1 ACCEPTED SOLUTION

Hi @CamStillHere ,

 

To summarise the steps for hte implicit grant flow with Power BI Embedded and the REST APIs: 

  1. Prompt the user with an Azure AD account to login with its username and password
  2. If successfull you have an id_token
  3. With that id_token you can authenticate to Azure AD together with an application id
  4. If successfull you have an access_token
  5. That access_token you can use to upload the report via the Power BI REST APIs
  6. Use the same access_token as part of the config (together with tokenType: models.TokenType.Aad) with the Power BI Embedded SDK, see https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-overview for more information.

If I understand correctly you have already implemented the first 5 steps and you only need to implement step 6.

 

-JP

 

View solution in original post

11 REPLIES 11
Jayendran
Solution Sage
Solution Sage

Hi @CamStillHere ,

 

Assuming your users already having PowerBI Pro licenses in that case, you can use the PowerBI Embedded - User owns data

 

Sample Code for the reference: https://github.com/microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

 

Here you are using PBI JS to embed your pbi reports using the end users bearer token

This is helpful however looks to require IIS?

Is there a way to embedded it for example in an app that only has a browser (and can send headers along with the browser navigate request)

If this does work without IIS/some sort of hosted solution - is there steps?

Hi 

 

Both App owns data and user owns data require Web Server like IIS

 

Other option is to use Secure Embed : This option help you to embed in any of the apps (don't need any IIS) there are some limitations 

 

Limitations:

  • The user will need to sign-in to view the report whenever they open a new browser window.
  • Some browsers require you to refresh the page after sign-in, especially when using InPrivate or InCognito modes.
  • To achieve a single sign-on experience, use the Embed in SharePoint Online option, or build a custom integration using the User Owns Data approach. Learn more about User owns data
  • The automatic authentication capability provided with the Embed option does not work with the Power BI JavaScript API. For the Power BI JavaScript API, use the User Owns Data approach to embedding. Learn more about User owns data
  • Secure embed does not support paginated reports or dashboards.
  • Embedding in Portals for Azure B2B users is not yet supported.

 

Not sure you can override the autentication and provide the bearer token with this option.

Thank you! That's a wealth of information.

Unfortunately for me I'm using an application (java) that is using a jxbrowser (embedded browser) so native authentication like sharepoint etc don't work. The user is prompted as if in incognito.

 

The other feedback is great too.

 

I'll leave this question open because I'm still wanting to know about using the API bearer token to load the report in some way. If I don't get an answer I'll mark yours as accepted as it's the best I've got in multiple forums so far.

Hi @CamStillHere ,

 

Do you have any update for your question? I'm happy to hear from you , to close this thread !

Unfortunately I don't have an update as I can't raise a ticket to microsoft and I haven't got an answer here as yet.

For my solution I ended up calling the browser and prompting the user to sign in (for a second time) which is a bit cumbersome but it is avoiding the problem for now. I would love to open the report with just the bearer token and I can't find a way that does this.

Hi @CamStillHere ,

 

As long as your bearer token is identifying an AAD user, you can use that token with the REST APIs and to get an EmbedToken to embed a report in your application.

You can take a look at the documentation of creating an SPA application (https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-overview) with an Implicit Grant authentication schema and that usertoken you can re-use for both parts: REST API and Embedding the report.

 

-JP

Could you elaborate please. The answers above suggest that workflow you have mentioned would require hosting somewhere... To be clear I'd like to purely use the REST API for power bi, and load the report with that bearer.

HI @CamStillHere ,

 

Big advantage of an SPA is that it doesn't need any server-side code and it can run completly in the scope of the user, like a browser with JavaScript.

 

-JP

 

Thank you again, but could you elaborate the workflow to get that working?

Hi @CamStillHere ,

 

To summarise the steps for hte implicit grant flow with Power BI Embedded and the REST APIs: 

  1. Prompt the user with an Azure AD account to login with its username and password
  2. If successfull you have an id_token
  3. With that id_token you can authenticate to Azure AD together with an application id
  4. If successfull you have an access_token
  5. That access_token you can use to upload the report via the Power BI REST APIs
  6. Use the same access_token as part of the config (together with tokenType: models.TokenType.Aad) with the Power BI Embedded SDK, see https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-overview for more information.

If I understand correctly you have already implemented the first 5 steps and you only need to implement step 6.

 

-JP

 

View solution in original post

Helpful resources

Announcements
PBI User Groups

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

Top Kudoed Authors