cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
daniel12
Frequent Visitor

PowerBI Embedded: Embed Token Expiration?

Hi there,

 

simple question: PowerBI embedded embed tokens require to specify a time span for validity of the tokens. What is the best practice for the time span - eg. can I simply set the validity (exp: claim in JWT token) to large values like +8 hours to minimize issues with expiring tokens? How can an application embedding PowerBI embedded react to expired tokens? Currently when a token expires I seem to just get a "content is not available" from PowerBI. Any insights are highly welcome.

 

Cheers

Daniel

 

5 REPLIES 5
jocaplan-MSFT
Microsoft
Microsoft

It is normally best to keep the token as short as needed. One hour is usually standard. This is just in case the tokens happen to leak out. There are good reasons why you may want to make them longer; 2 - 8+ hours. It really depends on the scenario and how much of a risk long lived tokens would be for you.

KumarDarmesh
Helper IV
Helper IV

There seems not way to change the expiration span, the demo shows it in 5 mintues.

https://azure.microsoft.com/en-us/documentation/articles/power-bi-embedded-what-is-power-bi-embedded...

Well you can set the expiration span as it's described here: https://azure.microsoft.com/en-us/documentation/articles/power-bi-embedded-app-token-flow/ (search for exp). But my question is more about best practices around how the embedding application can catch a situation where the report embed token has already expired and must be refreshed. Currently when you hit a dashboard where the token has already expired it just shows ugly errors.

Thanks

Daniel

 

ThomasDay
Impactful Individual
Impactful Individual

@daniel12  did you find out a way to prevent the ugly errors?  Here's what my embedded site looks like after a short time (sometimes 3 minutes--sometimes somewhat longer) if I select a new report tab.  Spectacularly awful, no?  Any ideas here?

Capture.PNG

In a server generated app you can get around this by generating a token for each render of the page.

 

In a single page app (SPA) - one option is to set a client-side timer on your page/view that is shorter than your token expiration.  At that point you can regenerate the token and reload the report passing in the new access token.

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

November Power BI Update 768x460.png

Check it Out!

Click here to read more about the November 2021 Updates!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.