Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
THpubs
New Member

Getting an error saying PowerBINotAuthorizedException when trying to embed PowerBI reports in an app

I created an Azure Entra app, gave the proper permissions and shared my reports with the account. I followed the following guides for this:

Now with the tokens proved by the Azure Entra app, I was able to successfully call the following endpoints:

But unfortunately, to embed the report, the most crucial endpoint I have to talk to is this one:

When I tried to call this endpoint with the same credentials, (With the token returned by https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token), it gives me the following error: PowerBINotAuthorizedException

Can't we embed a power BI report in our own website without providing the username password of a Microsoft user account? How to do it properly?

1 ACCEPTED SOLUTION
v-linyulu-msft
Community Support
Community Support

Hi,@THpubs 

Your steps are correct, and my answer to your question is as follows:

1.First, we can embed Power BI reports into our own Web site without providing the username and password for the Microsoft user account, which is why using a service principal to embed for customers exists. However, you may need to note that the samples provided by the official documentation are only suitable for testing, and you may need to purchase capacity if you need to go into production, the following are screenshots and links to the official documentation:

vlinyulumsft_0-1725333580417.png

Capacity and SKUs in Power BI embedded analytics - Power BI | Microsoft Learn
 

2.Secondly, regarding the "PowerBINotAuthorizedException" issue, you may need to note that you need to apply for an authorization code first, and the following is the relevant link:

azure - Using POSTMAN to get Authorization Code - OAuth2.0 - Stack Overflow
 

3.Then, hopefully, you'll be able to check if you have set the security group where the service principal is located to the member role and above:

vlinyulumsft_1-1725333580421.png

Make sure the Power BI service admin permissions are turned on

vlinyulumsft_3-1725333612564.png

Embed Power BI content in an embedded analytics application with service principal and an applicatio...
 

And in the api permission, make sure that the corresponding permissions for Tenant.Read.All and Tenant.ReadWrite.All are granted:
vlinyulumsft_2-1725333612561.png

If you want to switch between v1.0 and v2.0, you can check the following link:
web services - How to get token v2 from microsoft with oauth2 - Stack Overflow
Protected web API app registration - Microsoft identity platform | Microsoft Learn
 

4.Finally, here are the links that have similar issues to you, I hope it will be helpful to you:
Verifying OAUTH configuration for Custom Connectors - Microsoft Support

 Solved: PowerBI API Returns "PowerBINotAuthorizedException... - Microsoft Fabric Community

Of course, if you have any new ideas, you are welcome to contact us.
 

Best Regards,

Leroy Lu

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

 

View solution in original post

3 REPLIES 3
v-linyulu-msft
Community Support
Community Support

Hi,@THpubs 

Your steps are correct, and my answer to your question is as follows:

1.First, we can embed Power BI reports into our own Web site without providing the username and password for the Microsoft user account, which is why using a service principal to embed for customers exists. However, you may need to note that the samples provided by the official documentation are only suitable for testing, and you may need to purchase capacity if you need to go into production, the following are screenshots and links to the official documentation:

vlinyulumsft_0-1725333580417.png

Capacity and SKUs in Power BI embedded analytics - Power BI | Microsoft Learn
 

2.Secondly, regarding the "PowerBINotAuthorizedException" issue, you may need to note that you need to apply for an authorization code first, and the following is the relevant link:

azure - Using POSTMAN to get Authorization Code - OAuth2.0 - Stack Overflow
 

3.Then, hopefully, you'll be able to check if you have set the security group where the service principal is located to the member role and above:

vlinyulumsft_1-1725333580421.png

Make sure the Power BI service admin permissions are turned on

vlinyulumsft_3-1725333612564.png

Embed Power BI content in an embedded analytics application with service principal and an applicatio...
 

And in the api permission, make sure that the corresponding permissions for Tenant.Read.All and Tenant.ReadWrite.All are granted:
vlinyulumsft_2-1725333612561.png

If you want to switch between v1.0 and v2.0, you can check the following link:
web services - How to get token v2 from microsoft with oauth2 - Stack Overflow
Protected web API app registration - Microsoft identity platform | Microsoft Learn
 

4.Finally, here are the links that have similar issues to you, I hope it will be helpful to you:
Verifying OAUTH configuration for Custom Connectors - Microsoft Support

 Solved: PowerBI API Returns "PowerBINotAuthorizedException... - Microsoft Fabric Community

Of course, if you have any new ideas, you are welcome to contact us.
 

Best Regards,

Leroy Lu

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

 

Thank you very much! It worked. But I have a small question, what's the expiration time of the authorization code? If it does expire, is there a way to obtain it without the user credentials? I mean programatically?

Hi,@THpubs 

 

First of all, with regard to your first question, OAuth 2.0 authorization codes usually expire in a very short period of time, usually around 10 minutes.

The following are related issues to support:

OAuth 2.0 device authorization grant flow.The expiration time (expires_in) of user_code is 900 secon...
 

Second, it is often not possible to programmatically obtain the authorization code without user credentials, as user consent is required in the OAuth 2.0 authorization code flow.

Here is a screenshot of the official document:
 

vlinyulumsft_0-1725351575372.png

Here are the relevant links:
Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft identity platform | Mi...
How to programmatically get the Authorization code without requiring the user approval in OAuth 2.0 ...
 

Of course, this is the conclusion of the information we searched, and if you have any new discoveries or corrections, you are welcome to communicate with us.
 

Best Regards,

Leroy Lu

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
Sept PBI Carousel

Power BI Monthly Update - September 2024

Check out the September 2024 Power BI update to learn about new features.

September Hackathon Carousel

Microsoft Fabric & AI Learning Hackathon

Learn from experts, get hands-on experience, and win awesome prizes.

Sept NL Carousel

Fabric Community Update - September 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors