Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
ana_2
Regular Visitor

Custom Connector Access to the resource is forbidden

I am trying to connect to an API for reporting to PowerBI and developing a custom connector. I am receiving an "Unable to connect" error - Access to the resource is forbidden.

 

The connector is successfully logging in to the API with my credentials, however when I click "Connect" after authorizing, I am receiving this error. I seem to be having an issue with exchanging the authorization token for an access token. Any thoughts on what I am doing wrong? See below section of code I think may have issues...

 

I am also looking to exchange a refresh token for a new access token, but not clear on this process...

 

[DataSource.Kind="Connector2", Publish="Connector2.Publish"]

shared Connector2.Contents = (url as text) =>
    let
        queryString = [
            response_type = "code",
            client_id = client_id,
            redirect_uri = redirect_uri,
            prompt = "consent"
        ],
        source = Json.Document(Web.Contents(url))
    in
        source;

StartLogin = (resourceUrl, state, display) =>
    let
        AuthorizeURL = authorize_url & "?" & Uri.BuildQueryString([
            response_type = "code",
            client_id = client_id,
            redirect_uri = redirect_uri,
            prompt = "consent"
        ])
    in
        [
            LoginUri = AuthorizeURL,
            CallbackUri = redirect_uri,
            WindowHeight = windowHeight,
            WindowWidth = windowWidth,
            Context = null
        ];

FinishLogin = (context, callbackUri, state) =>
    let
        Parts = Uri.Parts(callbackUri)[Query]
    in
        TokenMethod(Parts[code]);

TokenMethod = (code) =>
    let
        Response = Web.Contents("https://api-token-site", [
            Content = Text.ToBinary(Uri.BuildQueryString([
                grant_type = "authorization_code",
                code = code,
                redirect_uri = redirect_uri,
                client_id = client_id,
                client_secret = client_secret
            ])),
            Headers=[#"Content-type" = "application/x-www-form-urlencoded", #"Accept" = "application/json"]]),
        Parts = Json.Document(Response)
    in
        Parts;

// Data Source Kind description
Connector2 = [
    Authentication = [
        OAuth = [
            StartLogin = StartLogin,
            FinishLogin = FinishLogin
            ]
    ]
];
2 REPLIES 2
v-yiruan-msft
Community Support
Community Support

Hi @ana_2 ,

Base on your descrption, it seems you’re encountering an “Access to the resource is forbidden” error while working with a custom connector in Power BI. Could you please check and confirm the following info?

1. Ensure that your authorization process is correctly exchanging the authorization token for an access token. 

2. Verify that the TokenMethod function is correctly handling the code received during the OAuth flow. Add some error handling and logging steps to capture the response and any error messages returned from the token endpoint. This can help identify if there's a specific issue in the response.

TokenMethod = (code) =>
    let
        Response = try Web.Contents("https://api-token-site", [
            Content = Text.ToBinary(Uri.BuildQueryString([
                grant_type = "authorization_code",
                code = code,
                redirect_uri = redirect_uri,
                client_id = client_id,
                client_secret = client_secret
            ])),
            Headers=[#"Content-type" = "application/x-www-form-urlencoded", #"Accept" = "application/json"]
        ])
    in
        if Response[HasError] then
            error Response[Error]
        else
            Json.Document(Response[Value])​

3. Double-check the URLs (e.g., authorize_url, redirect_uri, and api-token-site) in your code to make sure they are accurate and accessible.

4. Refresh token

// Assuming you have a refresh token stored securely
TokenRefresh = (refreshToken) =>
    let
        tokenUrl = "https://api-token-site/token", // Replace with your token endpoint
        requestBody = [
            grant_type = "refresh_token",
            refresh_token = refreshToken,
            client_id = client_id,
            client_secret = client_secret
        ],
        response = Json.Document(
            Web.Contents(tokenUrl, [
                Content = Text.ToBinary(Uri.BuildQueryString(requestBody)),
                Headers = [#"Content-type" = "application/x-www-form-urlencoded", #"Accept" = "application/json"]
            ])
        ),
        newAccessToken = response[access_token]
    in
        newAccessToken;

 

The authentication API in Power BI custom visuals - Power BI | Microsoft Learn

Handling authentication for Power Query connectors - Power Query | Microsoft Learn

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi, Thanks for your response. I have updated per your suggestion 2 and it appears to not be showing any errors. Per 3 I have confirmed all URLs are correct. 

 

Regarding 1, do you have any suggestions on how I can check this? I believe this is where the issue lies, but I am not sure how to check it. I am very new to PQ and Custom Connectors. 

 

My Connector successfully connects to the API and requests my external login credentials. I receive confirmation that I have signed in successfully. Then when I hit "Connect", this is where the error shows.

 

Screenshot 2024-06-16 222219.pngScreenshot 2024-06-16 222014.jpg

Helpful resources

Announcements
July 2024 Power BI Update

Power BI Monthly Update - July 2024

Check out the July 2024 Power BI update to learn about new features.

PBI_Carousel_NL_June

Fabric Community Update - June 2024

Get the latest Fabric updates from Build 2024, key Skills Challenge voucher deadlines, top blogs, forum posts, and product ideas.