I recently watched Ted Pattison's "Using App-only Authentication with Power BI Embedding with Ted Pattison" video https://www.youtube.com/watch?v=ZhMfpdXLIw0 .
This discusses a newer way to authenticate using a service principal rather than user credentials.
It seems to me that in the JavacScript world, when getting the embed token in either case, you are at some point required to divulge either your App Master credentials (old approach), or you app secret or certificate password (newer approach). How do we avoid disclosing these items? I do not see code examples that show this. I suspect we need to use some encryption / decryption technique? Is there a standard approach?
Hi Cherie, Thank you for your response. The article mentioned is not for Power BI "Embedded". It prompts the user for Power BI Credentials, which should not happen in an embedded scenario.