Hi Community,
I am trying to get data from graph API into a PowerBi report. I keep receiving this error when trying to get the bearer access token:
I have created the app registration in my Azure tenant and I am using a self signed certificate to authenticate. I then created a PowerShell script to generate the JWT-bearer based on my certificate to use as the client assertion type for the API call to get the bearer token (all of these steps are working fine). Then I am trying to get the bearer access token using the Power Query (this is the step that is causing issues). This my current code:
//Params are stored separately for TenantID, ClientID, Scope, Resource
let
Url = "https://login.microsoftonline.com/" & TenantID & "/oauth2/token",
Body = [
scope = Scope,
client_id = ClientID,
resource = Resource,
grant_type = "client_credentials",
client_assertion_type = "jwt-bearer",
client_assertion = "insert jwt-bearer here"
],
tokenResponse =
Json.Document(
Web.Contents(
Url, [
Headers = [Accept = "application/json", ContentType = "application/x-www-form-urlencoded"],
Content = Text.ToBinary(Uri.BuildQueryString(Body)),
ManualStatusHandling = {400}
]
)
),
accessToken = tokenResponse[access_token]
in
accessToken
I am struggling to find relevant documentation to point me the right direction. Every single example I have found on the internet is using a client secret which I cannot use as it not secure for a daemon application. Is it possible that Power Query does not support JWT-bearers as your client assertion type? I also received the same error when trying to retrieve the bearer access token from Postman and I found this post that mentioned JWT-bearers are not supported yet: https://community.postman.com/t/oauth2-client-credentials-grant-flow-with-certificate/28673.
I was able to generate a valid bearer access token using only PowerShell however, as soon as I try to use Power Query, it continues to fail. If this feature is not supported in Power Query, that would be extremely frustrating as Microsoft itself warms you that client secrets are not secure enough when you do the app registration!
If anyone has faced similar issue, or has suggestions or relevant documentation that may help, please let me know! Any help would be great appreciated!
@atirait See the documentation here which covers OAuth authentication. Handling authentication for Power Query connectors - Power Query | Microsoft Learn.
You can optionally use a certificate or a federated identity credential instead of a client secret with the Graph API but those are the only other authentication mechanisms mentioned in the Graph API documentation. Authentication and authorization basics - Microsoft Graph | Microsoft Learn
Follow on LinkedIn
@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: DAX For Humans
DAX is easy, CALCULATE makes DAX hard...
Helpful resources
Power BI Dataviz World Championships
The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!
Power BI Monthly Update - December 2025
Check out the December 2025 Power BI Holiday Recap!
FabCon Atlanta 2026
Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.
