OAuth flow not validating credentials for On-Premi...

Anonymous · ‎10-28-2019

I have built a Custom Data Connector that connects to Facebook's Graph API which successfully works in Power BI Desktop. When I add the .mez file to our companies Custom Connector Folder for our On-Premise gateway I cannot get the authentication flow to complete. In the 'Manage gateways' screen I click on 'Add Data Source' and can successfully see the 'Data Source Type' of the connector I have built, and the authentication method in the drop-down is correctly showing the OAuth2 method. However, when I click on the 'Edit credentials' it pops up with the start of the flow successfully and takes me through all the permissions and scopes from Facebook correctly without any errors, however when this flow completes the authentication sign-in does not disappear and shows no errors of why these credentials have not been successful.

Has anyone faced a similar issue or has an idea of how to rectify this issue?

The authorize_uri is

https://www.facebook.com/v4.0/dialog/oauth

The redirectUrl is

https://oauth.powerbi.com/views/oauthredirect.html

The token_uri is

https://graph.facebook.com/oauth/access_token

The code in my Custom Connector for the authentication flow is as follows.

/*______________________________________________________________________________________________________

    Authentication Functions
______________________________________________________________________________________________________*/
// Authentication Object Flow
FacebookForBusiness = [
    Authentication = [
        OAuth = [
            StartLogin = StartLogin,
            Refresh = Refresh,
            FinishLogin = FinishLogin
        ]
    ],
    Label =  Extension.LoadString ("DataSourceLabel")
];
// Start OAuth Login for Authentication Flow
StartLogin = (resourceUrl, state, display) =>
    let
        AuthorizeUrl = authorize_uri & "?" & Uri.BuildQueryString([
        client_id = client_id,
        redirect_uri = redirectUrl,
        state = state,
        scope = GetScopeString(scopes, scope_prefix),
        response_type = "code"
    ])
    in
        [
            LoginUri = AuthorizeUrl,
            CallbackUri = redirectUrl,
            WindowHeight = 720,
            WindowWidth = 1024,
            Context = null
        ];
// Finish OAuth Login for Authentication Flow
FinishLogin = (context, callbackUri, state) =>
    let
        parts = Uri.Parts(callbackUri)[Query],
        result = if (Record.HasFields(parts, {"error", "error_description"})) then 
                    error Error.Record(parts[error], parts[error_description], parts)
                 else
                   TokenMethod("authorization_code", parts[code])
    in
        result;
// Refresh OAuth Login for Authentication Flow
Refresh = (resourceUrl, refresh_token) =>
    let 
        refreshToken = TokenMethod("refresh_token", refresh_token)
    in 
        refreshToken;
// Retrieve Token for Authentication Flow
TokenMethod = (grantType, code) =>
    let
        query = [
            grant_type = grantType,
            client_id = client_id,
            client_secret = client_secret,
            redirect_uri = redirectUrl
        ],

        queryWithCode = if (grantType = "refresh_token") then [ refresh_token = code ] else [code = code],

        response = Web.Contents(token_uri, [
            Content = Text.ToBinary(Uri.BuildQueryString(query & queryWithCode)),
            Headers=[#"Content-type" = "application/x-www-form-urlencoded",#"Accept" = "application/json"], ManualStatusHandling = {400}]),
        body = Json.Document(response),
        result = if  (Record.HasFields(body, {"error", "error_description"})) then  
                    error Error.Record(body[error], body[error_description], body)
                 else
                    body
    in
        result;
//// Function to concatenate all the scopes and create a string for them
GetScopeString = (scopes as list, optional scopePrefix as text) as text =>
    let
        prefix = if scopePrefix = null then "" else scopePrefix,
        addPrefix = List.Transform(scopes, each prefix & _),
        asText = Text.Combine(addPrefix, " ")
    in
        asText;

Anonymous · ‎10-29-2019

I had slight progress on this, however still can't get things to work as expected.

Firstly, I added the code for the TestConnection, which I forgot to include in my first chunk of code I posted. This did not allow any progression of my error.

FacebookForBusiness = [
    TestConnection = (dataSourcePath) =>  { "FacebookForBusiness.Navigation"},
    Authentication = [
        OAuth = [
            StartLogin = StartLogin,
            Refresh = Refresh,
            FinishLogin = FinishLogin
        ]
    ],
    Label =  Extension.LoadString ("DataSourceLabel")
];

I also experimented of changing my redirect URI

from...

https://oauth.powerbi.com/views/oauthredirect.html

to....

https://preview.powerbi.com/views/oauthredirect.html

When I did this step, I got the sign-in box to close, but with an error message.

Status code: 400

Error Code: DMTS_PublishDatasourceToClusterErrorCode

Any clues on the next steps?

Anonymous · ‎10-29-2019

So, I am narrowing this down a little bit, however still no success.

When running the OAuth flow, when I have the redirect as

https://oauth.powerbi.com/views/oauthredirect.html

The start of the flow goes to the preview.... redirect URI when on adding it to the gateway.

This explains why it works on desktop, as when I run it in the Desktop it correctly runs, as it correctly goes via the correct Redirect URI (as seen on Fiddler trace).

Why would the gateway data source binding re-point to the preview redirect when it is not being told to !