Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
atirait
New Member

Getting bearer token from Graph API

‎02-02-2024 03:32 PM

Hi Community,

 

I am trying to get data from graph API into a PowerBi report. I keep receiving this error when trying to get the bearer access token:

atirait_0-1706914752153.png

 

I have created the app registration in my Azure tenant and I am using a self signed certificate to authenticate. I then created a PowerShell script to generate the JWT-bearer based on my certificate to use as the client assertion type for the API call to get the bearer token (all of these steps are working fine). Then I am trying to get the bearer access token using the Power Query (this is the step that is causing issues). This my current code:

 

//Params are stored separately for TenantID, ClientID, Scope, Resource

let

Url = "https://login.microsoftonline.com/" & TenantID & "/oauth2/token",
Body = [
scope = Scope,
client_id = ClientID,
resource = Resource,
grant_type = "client_credentials",
client_assertion_type = "jwt-bearer",
client_assertion = "insert jwt-bearer here"
],

tokenResponse =
Json.Document(
Web.Contents(
Url, [
Headers = [Accept = "application/json", ContentType = "application/x-www-form-urlencoded"],
Content = Text.ToBinary(Uri.BuildQueryString(Body)),
ManualStatusHandling = {400}
]
)
),
accessToken = tokenResponse[access_token]
in
accessToken

 

I am struggling to find relevant documentation to point me the right direction. Every single example I have found on the internet is using a client secret which I cannot use as it not secure for a daemon application. Is it possible that Power Query does not support JWT-bearers as your client assertion type? I also received the same error when trying to retrieve the bearer access token from Postman and I found this post that mentioned JWT-bearers are not supported yet: https://community.postman.com/t/oauth2-client-credentials-grant-flow-with-certificate/28673.

 

 I was able to generate a valid bearer access token using only PowerShell however, as soon as I try to use Power Query, it continues to fail. If this feature is not supported in Power Query, that would be extremely frustrating as Microsoft itself warms you that client secrets are not secure enough when you do the app registration!

 

If anyone has faced similar issue, or has suggestions or relevant documentation that may help, please let me know! Any help would be great appreciated!

Labels:
Message 1 of 2
324 Views
0
1 REPLY 1
Greg_Deckler
Super User
Super User

‎02-02-2024 03:44 PM

@atirait See the documentation here which covers OAuth authentication. Handling authentication for Power Query connectors - Power Query | Microsoft Learn.

You can optionally use a certificate or a federated identity credential instead of a client secret with the Graph API but those are the only other authentication mechanisms mentioned in the Graph API documentation. Authentication and authorization basics - Microsoft Graph | Microsoft Learn


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 2 of 2
314 Views
0

Helpful resources

Announcements
LearnSurvey

Fabric certifications survey

Certification feedback opportunity for the community.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All