Home > Blockchain >  Get the 403 when using auth token authenticate for the PowerBI REST API
Get the 403 when using auth token authenticate for the PowerBI REST API

Time:09-27

I want to use token authenticate for the Power BI REST APIs. Now I have a service principal, then I using the az command line to login in and generate the token:

az login --service-principal -u ${app_id} -p ${password} --tenant ${tenant_id}

$token= az account get-access-token  --query accessToken

And it does get the token.

However, I could not authenticate my power bi server, I got the error 403 Forbidden.

The service principal have the correct rights and add to the workspace access.

In order to verify the permission, I use the source code of a tripartite extension powerbi action:

https://marketplace.visualstudio.com/items?itemName=maikvandergaag.maikvandergaag-power-bi-actions

And there is function Invoke-API:

Function Invoke-API {
    Param(
        [parameter(Mandatory = $true)][string]$Url,
        [parameter(Mandatory = $true)][string]$Method,
        [parameter(Mandatory = $false)][string]$Body,
        [parameter(Mandatory = $false)][string]$ContentType
    )

    $apiHeaders = Get-PowerBIAccessToken

    ...
    }
    return $result
}

It is using the Get-PowerBIAccessToken to get the token.

So, I using same service principal to connect powerbi service:

$powerbiUrl = 'https://api.powerbi.com/v1.0/myorg'
$sp_secret_key = $Env:sp_secret_key | ConvertTo-SecureString -asPlainText -Force
$organizationType = 'Public'
            
$cred = New-Object System.Management.Automation.PSCredential($sp_client_id, $sp_secret_key)

Connect-PowerBIServiceAccount -Environment $organizationType -Tenant $sp_tenant_id -Credential $cred -ServicePrincipal

Publish-PowerBIFile -WorkspaceName $target_wrokspace_name -FilePattern "$FilePattern" -Create $Create -Overwrite $Overwrite

The function Publish-PowerBIFile will invoke the Invoke-API. Surprisingly, it worked.

This seems to indicate that my Service Principal has sufficient permissions.

But unfortunately, the execution of this function calling Connect-PowerBIServiceAccount requires the installation of the MicrosoftPowerBIMgmt function module,Our production environment is in a high security environment and does not allow me to install this module. So I have to generate a token through Service Principal to complete the authentication.

So my question is, how is the way I generate the token using Service Principal different from the token generated by Get-PowerBIAccessToken? What should I do to be successful?

Any advice would be greatly appreciated.

update:

I grab the token through F12 and use postman to verify the token obtained by F12 and the token obtained by az account get-access-token --query accessToken, and it is concluded that the token obtained by F12 is valid. So how to generate a valid token through sp or does generating a token require additional permission settings?

CodePudding user response:

Please add --resource https://analysis.windows.net/powerbi/api to your az account get-access-token command to retrieve the access token for Power BI Rest APIs.

Page link:https//www.codepudding.com/Blockchain/556502.html

Prev:Persist the login state in Next js using localstorage
Next:Why shouldn't you allow phones to be used both for password resets and multi-factor authenticat
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding