oauth, powerbi, azure-active-directory, azure-billing, azure-oauth

Power BI Azure Cost Management - OAuth token


I use the Azure Cost Management connector to retrieve data directly into Power BI. There is an authentication process which, based on a personal account, generates an OAuth token (automatically). The token is valid for only 1 hour. Am I able to have a longer expiration time? I've added a new policy, but it's only for service principals, not for personal accounts.


Solution

  • Approach 1: By default, the token expiration is 1 hour, or 60-75 minutes max depending on the reliability of service, and you cannot increase the access token session lifetime for user accounts, as access token lifetime policies can only be applied to service principals and not user accounts. Also, it's not a recommended practice to increase the user session, to avoid malicious activity. Please refer to this document: https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes#create-a-policy-for-web-sign-in “This can be set for all apps in your organization or for a specific service principal. They can also be set for multi-organizations (multi-tenant application).”

    Approach 2: Instead of increasing the access token expiry, you can refresh the access token before its expiration time.

    Method 1: You can set up a custom function to create a refresh token and get the access token in response for your user accounts, like the answer provided in this Power BI forum thread [https://community.powerbi.com/t5/Power-Query/Channel-Advisor-API-Connection-with-auth-key-creation/td-p/2208091], and then use the response token to access Azure billing data in Power BI.

    Method 2: Access tokens are either an Azure AD token for organizational users or an embed token that can be sent to your customers accessing your data. As you are using an Azure AD token, you can refresh the token by the methods below:

    1. Directly via the setAccessToken API: await report.setAccessToken(newAccessToken)

    2. Manually via getNewUserAccessToken(). This function will call the application at the backend and will generate and refresh the access token.


    3. Automatically, by setting an event hook in your embedding configuration and calling the event hook to generate a new token before the expiration time of the current token: set the accessTokenProvider function parameter in the embed configuration. Once the token is close to expiry, the embed config calls the accessTokenProvider and gets the new token.
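
One way to schedule the refresh-before-expiry from Approach 2 while keeping the short token lifetime, as an added example that is not part of the original answer. It assumes `report` is an embedded report object exposing `setAccessToken` and that `getNewUserAccessToken` is your own backend call; the other function names and the sample token are constructed for illustration.

```javascript
// Added example. The JWT is decoded only to read its exp claim for scheduling;
// the signature is NOT verified, so never base an authorization decision on it.
function tokenExpiryMs(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const claims = JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, '=')));
  if (!Number.isFinite(claims.exp)) throw new Error('token has no exp claim');
  return claims.exp * 1000; // exp is seconds since the epoch
}

// Milliseconds to wait before refreshing, keeping skewMs of safety margin.
function refreshDelayMs(jwt, nowMs, skewMs = 5 * 60 * 1000) {
  return Math.max(0, tokenExpiryMs(jwt) - nowMs - skewMs);
}

// Refresh once if the token is inside the margin; otherwise keep it.
// getNewUserAccessToken is the application's own backend call (assumed).
async function refreshIfNeeded(report, getNewUserAccessToken, token, nowMs, skewMs) {
  if (refreshDelayMs(token, nowMs, skewMs) > 0) return token;
  const fresh = await getNewUserAccessToken();
  if (tokenExpiryMs(fresh) <= nowMs) throw new Error('backend returned an expired token');
  await report.setAccessToken(fresh);
  return fresh;
}

// Re-arm a timer after every refresh; returns a function that stops the loop.
function keepTokenFresh(report, getNewUserAccessToken, token, skewMs) {
  let timer = null, stopped = false;
  const arm = (current) => {
    if (stopped) return;
    // At least 1 s between attempts so a failing backend cannot cause a tight loop.
    const delay = Math.max(1000, refreshDelayMs(current, Date.now(), skewMs));
    timer = setTimeout(async () => {
      try { arm(await refreshIfNeeded(report, getNewUserAccessToken, current, Date.now(), skewMs)); }
      catch (err) { console.error('token refresh failed', err); arm(current); }
    }, delay);
  };
  arm(token);
  return () => { stopped = true; clearTimeout(timer); };
}

// Constructed sample token (unsigned, placeholder signature) for offline runs.
function makeSampleToken(expSeconds) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ exp: expSeconds })}.sig`;
}
```

Call keepTokenFresh once after the report is embedded and invoke the returned function when the report is torn down, so no timer keeps requesting tokens for a closed session.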