@trevorgermain

is https://dev.powerbi.com/apps route still not working?

How do I access Azure Portal?

https://portal.azure.com

Thanks Trevorgermain, that worked.

My powershell script launches.

First it asked me to choose account:

I choose either my account or my service account.

Then I get a windows security login

 I choose mine or the service account (tried both)

Ultimately I get this error.

AADSTS50011: The reply address 'urn:ietf:wg:oauth:2.0:oob' does not match the reply addresses configured for the application: 'fbeb6bda-74a4-4a51-9c92-38a22c172a49'. More details: not specified

go to https://portal.azure.com

select Azure Active Directory > App registrations

select the app registration you created and look at all settings

review Redirect URIs

You need to have the Redirect URIs that your app is sending as part of the auth request added to the list of acceptible Redirect URIs

Hi Trevor,

I don't see "Reply URLs" in https://portal.azure.com.

Can you send bread crumbs to help me find it, or maybe screenshot?

Thanks!

My mistake, it's Redirect URIs, not Reply URLs

Ok, great, I found that spot.

Honestly I'm not sure what to add.

Here is my script, is it something from here?

# This sample script calls the Power BI API to progammtically trigger a refresh for the dataset
# It then calls the Power BI API to progammatically to get the refresh history for that dataset
# For full documentation on the REST APIs, see:
# https://msdn.microsoft.com/en-us/library/mt203551.aspx

# Instructions:
# 1. Install PowerShell (https://msdn.microsoft.com/en-us/powershell/scripting/setup/installing-windows-powershell) and the Azure PowerShell cmdlets (https://aka.ms/webpi-azps)
# 2. Set up a dataset for refresh in the Power BI service - make sure that the dataset can be
# updated successfully
# 3. Fill in the parameters below
# 4. Run the PowerShell script

# Parameters - fill these in before running the script!
# =====================================================

# An easy way to get group and dataset ID is to go to dataset settings and click on the dataset
# that you'd like to refresh. Once you do, the URL in the address bar will show the group ID and
# dataset ID, in the format:
# app.powerbi.com/groups/{groupID}/settings/datasets/{datasetID}

$groupID = "me" # the ID of the group that hosts the dataset. Use "me" if this is your My Workspace
$datasetID = "d234581a-734c-473c-be6c-e72f54ff9058" # the ID of the dataset that hosts the dataset

# AAD Client ID
# To get this, go to the following page and follow the steps to provision an app
# https://dev.powerbi.com/apps
# To get the sample to work, ensure that you have the following fields:
# App Type: Native app
# Redirect URL: urn:ietf:wg:oauth:2.0:oob
# Level of access: all dataset APIs
$clientId = "fbeb6bda-74a4-4a51-9c92-38a22c172a49"

# End Parameters =======================================

# Calls the Active Directory Authentication Library (ADAL) to authenticate against AAD
function GetAuthToken
{
$adal = "C:\Program Files\On-premises data gateway\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"

$adalforms = "C:\Program Files\On-premises data gateway\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"

[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null

[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null

$redirectUri = "urn:ietf:wg:oauth:2.0:oob"

$resourceAppIdURI = "https://analysis.windows.net/powerbi/api"

$authority = "https://login.microsoftonline.com/common/oauth2/authorize";

$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, "Auto")

return $authResult
}

# Get the auth token from AAD
$token = GetAuthToken

# Building Rest API header with authorization token
$authHeader = @{
'Content-Type'='application/json'
'Authorization'=$token.CreateAuthorizationHeader()
}

# properly format groups path
$groupsPath = ""
if ($groupID -eq "me") {
$groupsPath = "myorg"
} else {
$groupsPath = "myorg/groups/$groupID"
}

# Refresh the dataset
$uri = "https://api.powerbi.com/v1.0/$groupsPath/datasets/$datasetID/refreshes"
Invoke-RestMethod -Uri $uri –Headers $authHeader –Method POST –Verbose

# Check the refresh history
$uri = "https://api.powerbi.com/v1.0/$groupsPath/datasets/$datasetID/refreshes"
Invoke-RestMethod -Uri $uri –Headers $authHeader –Method GET –Verbose

Authenticate users and get an Azure AD access token for your Power BI app

It depends on your embedding scenario.

If you are expecting a fully embedded scenario where your application authenticates as a Power BI Pro user, you need to use the "App Owns Data" example in the above article. This requires you to include username and password in your auth request. In this scenario, the Redirect Uri isn't really important.

If you are expecting a user to authenticate with their own Azure account, you would use "User Owns Data" example in the above article. In this scenario, the redirect uri in the app registration must match EXACTLY the redirect uri passed into the request. When the user successfully logs in to Azure AD, the browser will redirect to the Uri specified in the Redirect Uri.

I do want this to work inside a scheduled batch file with no user input.

I'll put this on hold till after the holidays.

I may have more questions Jan 2nd!  so close to having this work!

Thanks

If that's the case, then you will want to use the example for the "app owns data", and use the username and password credential option. This is the Resource Owner Password flow in OAuth2.