Solved: Power Bi rest API Custom connector Parameters prob...

Anonymous · ‎07-12-2022

Hi all!

We have a custom connector that calls the power bi's Rest API and we have to pass the TenantID, SecretValue and the clientID to a function that uses them in order to create the access token. We want to pass these as dinamic parameters avoiding to hardcode them. Is there a way to create "global" parameters in Power Query SDK?

We have found a workaround, that is to put the parameters in the navigation table but we get parameters issues when we publish it to power bi Service and try to set up the Gateway.

Did you know how to solve this?

Thank you

miguel · ‎07-13-2022

Not currently a supported scenario, nor is it recommended to store ClientID and ClientSecret that way, but it is technically possible.

You could, in a hypothetical scenario, request your user to enter a tenant Name for a data source that relies on an API for let's say a subdomain. Something like {subdomain}.MyService.com/API.

The user needs to input that subdomain string in order to establish a connection to its REST API, so your function could request a "subdomain" parameter, but the application itself to authenticate should be global in the sense that it shouldn't require the user to enter any private or security related data through the function parameters as those are not encrypted whatsoever and we do not encourage nor remotely recommend anyone to store confidential / private information as clear text as an argument of a Power Query function. Again, from a security perspective, storing private / confidential information as clear text as an argument of a function is not a good practice.

StartLogin = (resourceUrl, state, display) =>
    let
        Context= Json.Document(resourceUrl)[subdomain],
        AuthorizeUrl = authorize_uri & "?" & Uri.BuildQueryString([
        client_id = client_id,  
        redirect_uri = redirectUrl, 
        state = state,
        response_type = "code",
        prompt= "login"
    ])
    in
        [
            LoginUri = AuthorizeUrl,
            CallbackUri = redirectUrl,
            WindowHeight = 720,
            WindowWidth = 1024,
            Context = Context
        ]

The sample code above basically checks the resourceUrl and extracts that "subdomain" value to be passed later to the FinishLogin funciton and used as needed. You could leverage that in your TokenMethod function.

Hope this helps, but if your data source is the Power BI REST API then the connector that I shared is the best starting point.

I haven't checked the Power BI REST API documentation in a few years, but I don't remember any endpoints requiring a TenantId parameter. Perhaps things have changed, but I'm not familiar with those changes or if there's a new TenantId parameter that could be used for users with admin access to multiple tenants.

View solution in original post

Anonymous · ‎07-13-2022

Thanks for the fast reply!

This link has been very helpful while creating the connector but here the ClientSecret and ClientID have been passed statically as show in the code below:

client_id = Text.FromBinary(Extension.Contents("AppID.txt"));  

client_secret = Text.FromBinary(Extension.Contents("ClientSecret.txt"));

Extension.Contents() Function Basically allows you to access the contents of any file you include in the .mez file of your custom data connector. What i want is something like a customer that when uses the custom connector can insert his credential trough the Power BI desktop interface and i want them to be recognized as "global" parameters

miguel · ‎07-13-2022

Hey!

while the connector might have those lines of code, they are not being used.

You can check the authentication record of the connector for more information, but it's effectively using the built-in AAD authentication method that uses a MSFT app without requiring the user to enter any app id or app secret.

You should be able to just download the mez file and simply using without the need to setup anything around clientid / appid and client secret / app secret.

Anonymous · ‎07-13-2022

Thanks for the reply, although using the built-in AAD authentication skips indeed the need to setup clientid / appid and client secret / app secret (in fact the mez file from the link you shared before works) and that's not what my goal is. I want to pass those credential and i want them to be dynamic, Preferably by setting them as parameters. Is it possible?
If not, is it possible to define a custom authentication method such that explicitly asks for these 3 credentials?

miguel · ‎07-13-2022

Not currently a supported scenario, nor is it recommended to store ClientID and ClientSecret that way, but it is technically possible.

You could, in a hypothetical scenario, request your user to enter a tenant Name for a data source that relies on an API for let's say a subdomain. Something like {subdomain}.MyService.com/API.

The user needs to input that subdomain string in order to establish a connection to its REST API, so your function could request a "subdomain" parameter, but the application itself to authenticate should be global in the sense that it shouldn't require the user to enter any private or security related data through the function parameters as those are not encrypted whatsoever and we do not encourage nor remotely recommend anyone to store confidential / private information as clear text as an argument of a Power Query function. Again, from a security perspective, storing private / confidential information as clear text as an argument of a function is not a good practice.

StartLogin = (resourceUrl, state, display) =>
    let
        Context= Json.Document(resourceUrl)[subdomain],
        AuthorizeUrl = authorize_uri & "?" & Uri.BuildQueryString([
        client_id = client_id,  
        redirect_uri = redirectUrl, 
        state = state,
        response_type = "code",
        prompt= "login"
    ])
    in
        [
            LoginUri = AuthorizeUrl,
            CallbackUri = redirectUrl,
            WindowHeight = 720,
            WindowWidth = 1024,
            Context = Context
        ]

The sample code above basically checks the resourceUrl and extracts that "subdomain" value to be passed later to the FinishLogin funciton and used as needed. You could leverage that in your TokenMethod function.

Hope this helps, but if your data source is the Power BI REST API then the connector that I shared is the best starting point.

I haven't checked the Power BI REST API documentation in a few years, but I don't remember any endpoints requiring a TenantId parameter. Perhaps things have changed, but I'm not familiar with those changes or if there's a new TenantId parameter that could be used for users with admin access to multiple tenants.