Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
I created an Azure Entra app, gave the proper permissions and shared my reports with the account. I followed the following guides for this:
Now with the tokens proved by the Azure Entra app, I was able to successfully call the following endpoints:
But unfortunately, to embed the report, the most crucial endpoint I have to talk to is this one:
When I tried to call this endpoint with the same credentials, (With the token returned by https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token), it gives me the following error: PowerBINotAuthorizedException
Can't we embed a power BI report in our own website without providing the username password of a Microsoft user account? How to do it properly?
Solved! Go to Solution.
Hi,@THpubs
Your steps are correct, and my answer to your question is as follows:
1.First, we can embed Power BI reports into our own Web site without providing the username and password for the Microsoft user account, which is why using a service principal to embed for customers exists. However, you may need to note that the samples provided by the official documentation are only suitable for testing, and you may need to purchase capacity if you need to go into production, the following are screenshots and links to the official documentation:
Capacity and SKUs in Power BI embedded analytics - Power BI | Microsoft Learn
2.Secondly, regarding the "PowerBINotAuthorizedException" issue, you may need to note that you need to apply for an authorization code first, and the following is the relevant link:
azure - Using POSTMAN to get Authorization Code - OAuth2.0 - Stack Overflow
3.Then, hopefully, you'll be able to check if you have set the security group where the service principal is located to the member role and above:
Make sure the Power BI service admin permissions are turned on
And in the api permission, make sure that the corresponding permissions for Tenant.Read.All and Tenant.ReadWrite.All are granted:
If you want to switch between v1.0 and v2.0, you can check the following link:
web services - How to get token v2 from microsoft with oauth2 - Stack Overflow
Protected web API app registration - Microsoft identity platform | Microsoft Learn
4.Finally, here are the links that have similar issues to you, I hope it will be helpful to you:
Verifying OAUTH configuration for Custom Connectors - Microsoft Support
Solved: PowerBI API Returns "PowerBINotAuthorizedException... - Microsoft Fabric Community
Of course, if you have any new ideas, you are welcome to contact us.
Best Regards,
Leroy Lu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi,@THpubs
Your steps are correct, and my answer to your question is as follows:
1.First, we can embed Power BI reports into our own Web site without providing the username and password for the Microsoft user account, which is why using a service principal to embed for customers exists. However, you may need to note that the samples provided by the official documentation are only suitable for testing, and you may need to purchase capacity if you need to go into production, the following are screenshots and links to the official documentation:
Capacity and SKUs in Power BI embedded analytics - Power BI | Microsoft Learn
2.Secondly, regarding the "PowerBINotAuthorizedException" issue, you may need to note that you need to apply for an authorization code first, and the following is the relevant link:
azure - Using POSTMAN to get Authorization Code - OAuth2.0 - Stack Overflow
3.Then, hopefully, you'll be able to check if you have set the security group where the service principal is located to the member role and above:
Make sure the Power BI service admin permissions are turned on
And in the api permission, make sure that the corresponding permissions for Tenant.Read.All and Tenant.ReadWrite.All are granted:
If you want to switch between v1.0 and v2.0, you can check the following link:
web services - How to get token v2 from microsoft with oauth2 - Stack Overflow
Protected web API app registration - Microsoft identity platform | Microsoft Learn
4.Finally, here are the links that have similar issues to you, I hope it will be helpful to you:
Verifying OAUTH configuration for Custom Connectors - Microsoft Support
Solved: PowerBI API Returns "PowerBINotAuthorizedException... - Microsoft Fabric Community
Of course, if you have any new ideas, you are welcome to contact us.
Best Regards,
Leroy Lu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Thank you very much! It worked. But I have a small question, what's the expiration time of the authorization code? If it does expire, is there a way to obtain it without the user credentials? I mean programatically?
Hi,@THpubs
First of all, with regard to your first question, OAuth 2.0 authorization codes usually expire in a very short period of time, usually around 10 minutes.
The following are related issues to support:
Second, it is often not possible to programmatically obtain the authorization code without user credentials, as user consent is required in the OAuth 2.0 authorization code flow.
Here is a screenshot of the official document:
Here are the relevant links:
Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft identity platform | Mi...
How to programmatically get the Authorization code without requiring the user approval in OAuth 2.0 ...
Of course, this is the conclusion of the information we searched, and if you have any new discoveries or corrections, you are welcome to communicate with us.
Best Regards,
Leroy Lu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Check out the September 2024 Power BI update to learn about new features.
Learn from experts, get hands-on experience, and win awesome prizes.
User | Count |
---|---|
43 | |
4 | |
4 | |
3 | |
3 |