Custom Connector Access to the resource is forbidd...

ana_2 · ‎06-12-2024

I am trying to connect to an API for reporting to PowerBI and developing a custom connector. I am receiving an "Unable to connect" error - Access to the resource is forbidden.

The connector is successfully logging in to the API with my credentials, however when I click "Connect" after authorizing, I am receiving this error. I seem to be having an issue with exchanging the authorization token for an access token. Any thoughts on what I am doing wrong? See below section of code I think may have issues...

I am also looking to exchange a refresh token for a new access token, but not clear on this process...

[DataSource.Kind="Connector2", Publish="Connector2.Publish"]

shared Connector2.Contents = (url as text) =>

let

queryString = [

response_type = "code",

client_id = client_id,

redirect_uri = redirect_uri,

prompt = "consent"

],

source = Json.Document(Web.Contents(url))

in

source;

StartLogin = (resourceUrl, state, display) =>

let

AuthorizeURL = authorize_url & "?" & Uri.BuildQueryString([

response_type = "code",

client_id = client_id,

redirect_uri = redirect_uri,

prompt = "consent"

])

in

[

LoginUri = AuthorizeURL,

CallbackUri = redirect_uri,

WindowHeight = windowHeight,

WindowWidth = windowWidth,

Context = null

];

FinishLogin = (context, callbackUri, state) =>

let

Parts = Uri.Parts(callbackUri)[Query]

in

TokenMethod(Parts[code]);

TokenMethod = (code) =>

let

Response = Web.Contents("https://api-token-site", [

Content = Text.ToBinary(Uri.BuildQueryString([

grant_type = "authorization_code",

code = code,

redirect_uri = redirect_uri,

client_id = client_id,

client_secret = client_secret

])),

Headers=[#"Content-type" = "application/x-www-form-urlencoded", #"Accept" = "application/json"]]),

Parts = Json.Document(Response)

in

Parts;

// Data Source Kind description

Connector2 = [

Authentication = [

OAuth = [

StartLogin = StartLogin,

FinishLogin = FinishLogin

]

];

Anonymous · ‎06-13-2024

Hi @ana_2 ,

Base on your descrption, it seems you’re encountering an “Access to the resource is forbidden” error while working with a custom connector in Power BI. Could you please check and confirm the following info?

1. Ensure that your authorization process is correctly exchanging the authorization token for an access token.

2. Verify that the TokenMethod function is correctly handling the code received during the OAuth flow. Add some error handling and logging steps to capture the response and any error messages returned from the token endpoint. This can help identify if there's a specific issue in the response.

TokenMethod = (code) =>
    let
        Response = try Web.Contents("https://api-token-site", [
            Content = Text.ToBinary(Uri.BuildQueryString([
                grant_type = "authorization_code",
                code = code,
                redirect_uri = redirect_uri,
                client_id = client_id,
                client_secret = client_secret
            ])),
            Headers=[#"Content-type" = "application/x-www-form-urlencoded", #"Accept" = "application/json"]
        ])
    in
        if Response[HasError] then
            error Response[Error]
        else
            Json.Document(Response[Value])

3. Double-check the URLs (e.g., authorize_url, redirect_uri, and api-token-site) in your code to make sure they are accurate and accessible.

4. Refresh token

// Assuming you have a refresh token stored securely
TokenRefresh = (refreshToken) =>
    let
        tokenUrl = "https://api-token-site/token", // Replace with your token endpoint
        requestBody = [
            grant_type = "refresh_token",
            refresh_token = refreshToken,
            client_id = client_id,
            client_secret = client_secret
        ],
        response = Json.Document(
            Web.Contents(tokenUrl, [
                Content = Text.ToBinary(Uri.BuildQueryString(requestBody)),
                Headers = [#"Content-type" = "application/x-www-form-urlencoded", #"Accept" = "application/json"]
            ])
        ),
        newAccessToken = response[access_token]
    in
        newAccessToken;

The authentication API in Power BI custom visuals - Power BI | Microsoft Learn

Handling authentication for Power Query connectors - Power Query | Microsoft Learn

Best Regards

ana_2 · ‎06-16-2024

Hi, Thanks for your response. I have updated per your suggestion 2 and it appears to not be showing any errors. Per 3 I have confirmed all URLs are correct.

Regarding 1, do you have any suggestions on how I can check this? I believe this is where the issue lies, but I am not sure how to check it. I am very new to PQ and Custom Connectors.

My Connector successfully connects to the API and requests my external login credentials. I receive confirmation that I have signed in successfully. Then when I hit "Connect", this is where the error shows.