topic Re: AADToken from react custom visual in Developer

AADToken from react custom visual

jananigurusamy — Fri, 10 Apr 2026 13:16:27 GMT

Building react custom visual which should generate user token and pass it to external API on some user action in visual. But am getting PrivilegeStatus.NotSupported in acquireAADTokenstatus(). Uploaded visual into organizational visuals as well, it is not working. I am seeing like publishing to AppSource is the only option. But cannot be certified because custom will need to make external API call. Token status will be allowed only if ceritifed or publishing to AppSource is enough?

Re: AADToken from react custom visual

v-veshwara-msft — Mon, 13 Apr 2026 07:05:03 GMT

Hi @jananigurusamy ,

Thanks for raising this in Microsoft Fabric Community.

Publishing a visual to AppSource by itself is not sufficient for acquireAADToken() to work. Based on the official documentation, the API is supported only for AppSource visuals that are approved, and in other contexts such as organizational or uncertified visuals it can return PrivilegeStatus.NotSupported, which aligns with what you are seeing.

You can refer to the documentation here:
The authentication API in Power BI custom visuals - Power BI | Microsoft Learn

This mentions that the Authentication API applies to AppSource visuals and may return NotSupported when the visual is not in a supported state.

At the same time, there are some constraints around certification to be aware of. Certified visuals are required to follow strict validation rules, including limitations around external service calls. Because of this, scenarios where a visual needs to pass the user’s AAD token to an external API may be difficult to align with certification requirements.

In similar discussions, one approach that is considered is to handle authentication outside of the custom visual. For example, the visual can call a backend service, and that service can manage authentication (for instance using a service principal or managed identity) before calling the external API. This helps avoid relying on token acquisition within the visual itself.

You may find this related discussion useful:
Using the Power BI Authentication API returns acce... - Microsoft Fabric Community

If your requirement depends on user-context access, it might be worth exploring whether a backend-mediated approach would fit your scenario.

Hope this helps. Please reach out for further assistance.
Thank you.

Re: AADToken from react custom visual

Ray_Minds — Tue, 14 Apr 2026 04:09:24 GMT

Answer -

The behavior you are seeing (PrivilegeStatus.NotSupported from acquireAADTokenStatus()) is by design and aligns with Microsoft’s documented limitations of the Power BI Authentication API.

The Power BI Authentication API (AcquireAADTokenService) can be used only by visuals published to AppSource.
It is not supported for:

Private visuals (pbiviz uploads)
Organizational visuals
Even if the visual is uploaded to Organizational visuals and tenant settings are enabled, the API remains unsupported, and the status will be returned as NotSupported.
This is explicitly stated in Microsoft documentation, which notes that the Authentication API is applicable only for AppSource visuals and not for private visuals

NOTE - Organizational visuals are still considered private visuals from the Authentication API perspective.

Document link - https://learn.microsoft.com/en-us/power-bi/developer/visuals/authentication-api
To clarify a common confusion:
- Publishing the visual to AppSource is mandatory to use acquireAADToken()
- Certification is NOT required
If your visual calls an external API, it cannot be certified, but it can still be published to AppSource as a non‑certified custom visual. Once published to AppSource, the Authentication API becomes available. Microsoft documentation confirms that certification is optional, and visuals that connect to external services simply do not qualify for certification, but are otherwise supported in AppSource
Documentation Link -
https://learn.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-certified
Even after publishing to AppSource, the token will only be issued if the Power BI tenant admin enables the following setting:
Tenant setting: AppSource Custom Visuals SSO
If this setting is disabled, the status may return DisabledByAdmin.
If the visual is not from AppSource, the status will return NotSupported regardless of this setting.
This tenant requirement is documented under Power BI visuals admin settings.

Hope this helps. Please mark this reply as the solution if it answers your question.