Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Next up in the FabCon + SQLCon recap series: The roadmap for Microsoft SQL and Maximizing Developer experiences in Fabric. All sessions are available on-demand after the live show. Register now

Reply
jananigurusamy
New Member

AADToken from react custom visual

Friday

Building react custom visual which should generate user token and pass it to external API on some user action in visual. But am getting PrivilegeStatus.NotSupported in acquireAADTokenstatus(). Uploaded visual into organizational visuals as well, it is not working. I am seeing like publishing to AppSource is the only option. But cannot be certified because custom will need to make external API call. Token status will be allowed only if ceritifed or publishing to AppSource is enough?

Labels:
Message 1 of 3
201 Views
0
2 REPLIES 2
Ray_Minds
Solution Supplier
Solution Supplier

Monday

Answer -  

The behavior you are seeing (PrivilegeStatus.NotSupported from acquireAADTokenStatus()) is by design and aligns with Microsoft’s documented limitations of the Power BI Authentication API. 

 

The Power BI Authentication API (AcquireAADTokenService) can be used only by visuals published to AppSource. 
It is not supported for: 

  • Private visuals (pbiviz uploads) 
  • Organizational visuals 

    Even if the visual is uploaded to Organizational visuals and tenant settings are enabled, the API remains unsupported, and the status will be returned as NotSupported. 

    This is explicitly stated in Microsoft documentation, which notes that the Authentication API is applicable only for AppSource visuals and not for private visuals 

     
    NOTE - Organizational visuals are still considered private visuals from the Authentication API perspective. 

     

    Document link - https://learn.microsoft.com/en-us/power-bi/developer/visuals/authentication-api

    To clarify a common confusion: 

    • Publishing the visual to AppSource is mandatory to use acquireAADToken() 
    • Certification is NOT required 

    If your visual calls an external API, it cannot be certified, but it can still be published to AppSource as a non‑certified custom visual. Once published to AppSource, the Authentication API becomes available. Microsoft documentation confirms that certification is optional, and visuals that connect to external services simply do not qualify for certification, but are otherwise supported in AppSource 

    Documentation Link -

    https://learn.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-certified

    Even after publishing to AppSource, the token will only be issued if the Power BI tenant admin enables the following setting: 

    Tenant setting: AppSource Custom Visuals SSO 

    If this setting is disabled, the status may return DisabledByAdmin. 
    If the visual is not from AppSource, the status will return NotSupported regardless of this setting. 

    This tenant requirement is documented under Power BI visuals admin settings. 

     

    Hope this helps. Please mark this reply as the solution if it answers your question.



Message 3 of 3
45 Views
0
v-veshwara-msft
Community Support
Community Support

Monday

Hi @jananigurusamy ,

Thanks for raising this in Microsoft Fabric Community.

Publishing a visual to AppSource by itself is not sufficient for acquireAADToken() to work. Based on the official documentation, the API is supported only for AppSource visuals that are approved, and in other contexts such as organizational or uncertified visuals it can return PrivilegeStatus.NotSupported, which aligns with what you are seeing.

You can refer to the documentation here:
The authentication API in Power BI custom visuals - Power BI | Microsoft Learn

This mentions that the Authentication API applies to AppSource visuals and may return NotSupported when the visual is not in a supported state.

 

At the same time, there are some constraints around certification to be aware of. Certified visuals are required to follow strict validation rules, including limitations around external service calls. Because of this, scenarios where a visual needs to pass the user’s AAD token to an external API may be difficult to align with certification requirements.

 

In similar discussions, one approach that is considered is to handle authentication outside of the custom visual. For example, the visual can call a backend service, and that service can manage authentication (for instance using a service principal or managed identity) before calling the external API. This helps avoid relying on token acquisition within the visual itself.

You may find this related discussion useful:
Using the Power BI Authentication API returns acce... - Microsoft Fabric Community

If your requirement depends on user-context access, it might be worth exploring whether a backend-mediated approach would fit your scenario.

 

Hope this helps. Please reach out for further assistance.
Thank you.

Message 2 of 3
93 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All