Azure AD On-Behalf-Of flow for power bi management

Question

I successfully set up "Azure AD On-Behalf-Of flow", my web api secured actions call and ms graph api calls work as well. No I added more grants which are related to power bi. I want to read/write workspaces/reports etc from the web api I tried that:

string[] scopes = { "Capacity.Read.All", "Capacity.ReadWrite.All",
    "Content.Create", " Dashboard.Read.All", " Dashboard.ReadWrite.All",
    "Data.Alter_Any", "Dataset.Read.All", "Dataset.ReadWrite.All", "Group.Read", "Group.Read.All",
    "Metadata.View_Any", "Report.Read.All", "Report.ReadWrite.All", "Tenant.Read.All",
    "Workspace.Read.All", "Workspace.ReadWrite.All"};
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes); // error
var tokenCredentials = new TokenCredentials(accessToken, "Bearer");
using (var client = new PowerBIClient(new Uri(_powerBiConfig.ApiUrl), tokenCredentials))
{
...
}

but GetAccessTokenOnBehalfOfUser returns

AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid.

Answer 1

Got it myself.

The code below demonstrates how to retrieve all power bi workspaces

public async Task<string> Groups()
{
    string[] scopes = { "https://analysis.windows.net/powerbi/api/Dataset.Read.All"};
    try
    {
        string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
        var tokenCredentials = new TokenCredentials(accessToken, "Bearer");
        using (var client = new PowerBIClient(new Uri(_powerBiConfig.ApiUrl), tokenCredentials))
        {
            return JsonConvert.SerializeObject(client.Groups.GetGroups().Value, Formatting.Indented);
        }
    }
    catch (Exception exc)
    {
        return string.Empty;
    }
}