Acquire access token from Azure AD for native app registration (PowerBI) using client credentials
I am using adal4j (version 1.2.0) from a backend application to acquire an access token to be able to use the PowerBI REST APIs to embed reports (more specifically, the GenerateToken method). I have registered a native app in Azure, and provided it the necessary permissions. I can acquire an access token using a username/password combination as follows:
AuthenticationContext ac = new AuthenticationContext("https://login.windows.net/TENANT_ID/oauth2/authorize", false, es);
Future<AuthenticationResult> f = ac.acquireToken("https://analysis.windows.net/powerbi/api", CLIENT_ID, USERNAME, PASSWORD, null);
And then use the token to authenticate to the APIs successfully, and ultimately show the embedded report. However, I my case, I would like to of course use the client credentials (client ID, client secret) instead of a user account. I can acquire the token again as follows:
AuthenticationContext("https://login.windows.net/TENANT_ID/oauth2/authorize", false, es);
ClientCredential cc = new ClientCredential(CLIENT_ID, CLIENT_SECRET);
Future<AuthenticationResult> f = ac.acquireToken("https://analysis.windows.net/powerbi/api", cc,null);
The client ID is the application ID of the registered native app, and the client secret is defined by adding a key to the application. Again, I get the token, but now I am not able to use it to authenticate against the APIs anymore (HTTP 403, without any further details).
So my question is, that is this a valid scenario that should work in the first place, and/or am I just missing a piece of technical information either in Azure or using adal4j?
Edit: Below is a screenshot of the delegated app permissions.
AFAIK , Power BI REST API only supports delegated permissions but does not support any application permissions . You will find no application permission available in azure portal . So Power BI REST API doesn't allow client credential flow without user identity . Related threads here and here are for your reference .
If you want to connect to Power BI REST API from a Service , you could use Resource Owner Password Credentials Grant flow .
- Listing the Tables in the Storage Account using ADF Web Activity is failed with an authorization error
- Terraform with Azure Key Vault to get secret value
- No value provided for parameter `container_name` in the Get Metadata1 activity
- Pagination with oauth azure data factory
- Using Managed Identity to connect to a queue from a WebJob
- How to integrate GPT-4 model hosted on Azure with the gptstudio package?
- Azure - Virtual network Gateway vs VPN gateways
- Azure CLI won't login on MacOS
- Replicating Azure SQL DB and blob storage in multi region setup
- Reading Azure Entra ID Diagnostic Settings
- Azure Traffic Manager Endpoint: The following locations specified in the geoMapping property for endpoint are not supported
- Assign specific agent on Azure DevOps YAML Pipelines
- GetBlob request is failing, when PutBlob and ListBlob are successfull
- Scheduled alert rule created in Terraform doesn't work
- New NIC with public IP has no internet connection, while existing NIC works fine
- BlobClient#generateSasUrl automatically %-encode blob path
- How to do copy of all the containers without explicitly mentioning in the array between two different storage accounts
- Azure Application Gateway WAF with False Positive on SQL Injection
- Application ID URI Throwing Error in Azure AD App Registration using Terraform
- Is it possible to use email name other than "DoNotReply" in Azure Email Communication Services?
- installing an SSL on Azure ubuntu web server
- How do I add a Spring Initializr dependency (eg Microsoft Azure) after the project is created?
- NvidiaGpuDriverLinux fails to install on NC6 instance
- How to get client secret expiry date using the azure AD graph API
- Can't get OneNote data using graph api from microsoft
- Adding Custom Python library in Azure Synapse
- Cannot run .NET Core application on Linux in Azure App Services with linuxFxVersion: 'DOTNETCORE:8.0'
- Unable to connect from Azure data factory to postgres flexible server using private endpoint
- Microsoft graph return "access token is empty"
- How to use empty disk spaces under /dev/sdb1 on Azure?