Obtain a Microsoft bearer token using an app registration and read from a Dataset
Following my previous question Power BI, connect directly to a dataset from a nodeJS app I have been unable to get an access token without using user credentials.
So far I have created an app registration inside the azure AD with a client secret and the following API permissions:
Now for some reason, the account that is being used to connect to the dataset says that permission is not granted for my organization. (Not sure if I actually need that)
Is there a way to achieve retrieving this bearer token required to read a dataset from PowerBI without having to input or store a username and password within the application?
You can make use of client credentials flow to get an access token without including user credentials.
I registered one Azure AD application named SriPowerBi like this:
Now, I created one security group and added above service principal as member to it as below:
Login to Power Bi Admin portal and enable below option by adding the security group to it under Developer settings like this:
Make sure to provide access to either the service principal or security group in your Power Bi workspace:
Note that, you need to wait for
15-20minutes after granting access as there will be delay and generate access token using client credentials flow.
In my case, I generated access token using client credentials flow via Postman with below parameters:
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
grant_type:client_credentials
client_id: appId
client_secret: secret
scope: https://analysis.windows.net/powerbi/api/.default
Response:
When I used this token to read dataset details, I got response successfully like this:
GET https://api.powerbi.com/v1.0/myorg/groups/{group_id}/datasets/{dataset_id}/
Response:
Reference: Embed Power BI content with service principal and an application secret - Power BI | Microsoft