Power BI REST API using a service principal - Error 401 unauthorized
Question
Recently I have been trying to make Power BI APIs work with service principal authentication. All steps mentioned in this article are done:
- an Azure AD app is registered (service principal created)
- an AD security group is created, the app is added to this group
- a Power BI admin has enabled service principal access in the admin portal
- the service principal and the security group are added to the workspace (and granted the admin role)
I am able to generate an access token using the POST method for https://login.microsoftonline.com/common/oauth2/token (screenshot below).
The issue is that whenever this token is used for any further calls (I have tried both non-admin and admin APIs - when it comes to admin ones, I only tested the supported APIS - can be seen in this article , I am shown the 401 unauthorized error .
So, my question is:
did I overlook a security setting in Azure perhaps? Our company uses MFA, but service principals can not use that from what I have found on the internet/in the documentation. Or is the generated token invalid somehow?
1 answers
solution1
0 2021-03-22 14:22:28
From your description, I think you should have a user login, because you are using MFA. Therefore, you should not use the client credential flow because it is often used in daemons without user interaction.
Therefore, you should use the auth code flow . When using this flow, you must first log in to the user in the browser and request the authorization code, and then use the authorization code to redeem the access token.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.