We are currently working on Embedding Power BI Reports into our web application. To achieve that we are following the instructions on official power bi documentation:
https://learn.microsoft.com/en-us/power-bi/developer/embed-service-principal#get-started-with-a-service-principal
We are on the “app owns data” case thus we will user service principal. There is also “access with master account” option but I could not find a way to generate token via REST API, it works only via .NET samples provided which is not compatible with out stack. Moreover, in all the samples I have examined, token is retrieved from the security context of currently logged in user(So not via REST API). So “access with master account” is not an option for us.
We followed the steps in the link above one by one:
On step 6 where we embed the report in our applications we are having issues. Here is what we do:
URL: https://login.microsoftonline.com/{$tenantId}/oauth2/v2.0/token
Request Body:
grant_type: client_credentials
scope:https://graph.microsoft.com/.default
client_id:${clientId} (from our created server-side web application) >
client_secret:${client_secret} (from our created server-side web application)
Header: Content-Type: application/x-www-form-urlencoded
Response: { "token_type": "Bearer", "expires_in": 3600, "ext_expires_in": 3600, "access_token": "eyXXXXXXXXXXXXXXXXX....XXX" }
URL:
https://api.powerbi.com/v1.0/myorg/groups/${groupId}/reports/${reportId}/GenerateToken (groupId and reportId fetched from power bi dev portal where we have our reports)
Request Body: { "accessLevel": "View", "allowSaveAs": "false" }
Header: Content-Type: application/json
Charset:utf-8 Accept: application/json
Authorization: Bearer ${access_token_from_step1}
Response: HTTP 403 (which means forbidden)
Unfortunately we are stuck at this point. We can not generate embed token which we will use to embed our reports/dashboards into our application. Although we have been through lots of online docs/discussions we could not find a solution. So here is what we need help.
Notes:
-We are creating/publishing reports using Power BI Desktop and our power bi pro account. (Although we are trying to embed them using service principal)
-We have run into this stackoverflow answer that claims we need to use resource owner flow instead of client credentials flow. But I believe it is against power bi documentation that states service principal can be applied without using any user/password.
The scope you defined when generating Access Token For Service Principal is not correct.
Try to use https://analysis.windows.net/powerbi/api/.default
instead of https://graph.microsoft.com/.default
Note: There are many limitations when use service principal.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With