Hi Community,
I am trying to get data from graph API into a PowerBi report. I keep receiving this error when trying to get the bearer access token:
I have created the app registration in my Azure tenant and I am using a self signed certificate to authenticate. I then created a PowerShell script to generate the JWT-bearer based on my certificate to use as the client assertion type for the API call to get the bearer token (all of these steps are working fine). Then I am trying to get the bearer access token using the Power Query (this is the step that is causing issues). This my current code:
//Params are stored separately for TenantID, ClientID, Scope, Resource
let
Url = "https://login.microsoftonline.com/" & TenantID & "/oauth2/token",
Body = [
scope = Scope,
client_id = ClientID,
resource = Resource,
grant_type = "client_credentials",
client_assertion_type = "jwt-bearer",
client_assertion = "insert jwt-bearer here"
],
tokenResponse =
Json.Document(
Web.Contents(
Url, [
Headers = [Accept = "application/json", ContentType = "application/x-www-form-urlencoded"],
Content = Text.ToBinary(Uri.BuildQueryString(Body)),
ManualStatusHandling = {400}
]
)
),
accessToken = tokenResponse[access_token]
in
accessToken
I am struggling to find relevant documentation to point me the right direction. Every single example I have found on the internet is using a client secret which I cannot use as it not secure for a daemon application. Is it possible that Power Query does not support JWT-bearers as your client assertion type? I also received the same error when trying to retrieve the bearer access token from Postman and I found this post that mentioned JWT-bearers are not supported yet: https://community.postman.com/t/oauth2-client-credentials-grant-flow-with-certificate/28673.
I was able to generate a valid bearer access token using only PowerShell however, as soon as I try to use Power Query, it continues to fail. If this feature is not supported in Power Query, that would be extremely frustrating as Microsoft itself warms you that client secrets are not secure enough when you do the app registration!
If anyone has faced similar issue, or has suggestions or relevant documentation that may help, please let me know! Any help would be great appreciated!
@atirait See the documentation here which covers OAuth authentication. Handling authentication for Power Query connectors - Power Query | Microsoft Learn.
You can optionally use a certificate or a federated identity credential instead of a client secret with the Graph API but those are the only other authentication mechanisms mentioned in the Graph API documentation. Authentication and authorization basics - Microsoft Graph | Microsoft Learn
Follow on LinkedIn
@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: DAX For Humans
DAX is easy, CALCULATE makes DAX hard...
Helpful resources
Power BI Monthly Update - May 2026
Check out the May 2026 Power BI update to learn about new features.
Data Days 2026 coming soon!
Sign up to receive a private message when registration opens and key events begin.
New to Fabric Survey
If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.
Power BI DataViz World Championships - June 2026
A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.
