navinrangar
Helper II

Azure AD App Authentication 'scope doesn't exist on app' with power-bi APIs

I intend to call Power BI APIs in my React app.

For this, I need to dynamically generate an access token.

To generate that access token, I have registered my Azure AD app and have given it all the Power BI permissions.

My APIs only need the 'Dataset.ReadWrite.All' permission, and that permission doesn't need any admin consent.

In my React app, I'm using the MSAL 2.0 library (msal-react and msal-browser) for authentication.

I'm hitting this endpoint in the MSAL config, which is responsible for generating an access token - 

I need a token with the 'Dataset.ReadWrite.All' permission to authorize with the Power BI REST API. I have also configured my Azure AD app for this permission.
 
invalid_client: AADSTS650053: The application 'dashboard.navinrangar.work' asked for scope 'Dataset.ReadWrite.All' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor. Trace ID: 77e47883-fdd3-444a-bdd3-9f3a53bc1500 Correlation ID: aa77d724-0d9f-41aa-8e47-251c6b6f9293 Timestamp: 2023-02-09 13:51:46Z
 
Everything looks great in Azure AD.

I read somewhere that this resource '00000003-0000-0000-c000-000000000000' refers to the graph.microsoft.com resource, and I'm hitting https://login.microsoftonline.com/{myTenantId}. These are my app endpoints.

I'm not sure if Power BI resources come under the graph.microsoft.com ('00000003-0000-0000-c000-000000000000') resource!!??

Also, on my app's API permissions page I read that they come under https://analysis.windows.net/powerbi/api, that is, 00000009-0000-0000-c000-000000000000??

Am I hitting the wrong endpoint, or is the issue something else??
1 REPLY 1
navinrangar
Helper II

If we set any scope on our Azure AD app endpoint, then by default it is treated as a Microsoft Graph scope. So to specify a Power BI API scope, we need to define our scope with this hostname: https://analysis.windows.net/powerbi/api/{scope_you_want}

In my case I wanted dataset.readwrite.all, so I defined my scope as https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All

This answer helped me a lot.

 

https://stackoverflow.com/questions/75402011/access-token-scope-issue-in-azure-ad-and-power/75407572...
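
The scope resolution described in this thread can be checked before a token request is sent. The following is an added example, not code from the thread or from MSAL; the function names are hypothetical, and the rejection of scope lists that span several resources goes beyond the single case in the post.

```javascript
// Added example, not code from the thread. Function names are hypothetical.
const POWER_BI = "https://analysis.windows.net/powerbi/api";
const GRAPH = "https://graph.microsoft.com";
// Resource application IDs quoted in the thread.
const RESOURCE_IDS = {
  [GRAPH]: "00000003-0000-0000-c000-000000000000",
  [POWER_BI]: "00000009-0000-0000-c000-000000000000",
};
// OpenID Connect scopes are not tied to an API resource.
const OIDC = new Set(["openid", "profile", "email", "offline_access"]);

// Report which resource a scope string would be resolved against.
// A bare name such as "Dataset.ReadWrite.All" has no resource prefix, which
// is the case the reply describes as being treated as a Microsoft Graph scope.
function describeScope(scope) {
  if (OIDC.has(scope)) return { resource: null, resourceId: null, permission: scope };
  const cut = scope.lastIndexOf("/");
  const qualified = scope.includes("://") && cut > scope.indexOf("://") + 2;
  const resource = qualified ? scope.slice(0, cut) : GRAPH;
  const permission = qualified ? scope.slice(cut + 1) : scope;
  return { resource, resourceId: RESOURCE_IDS[resource] || "unknown", permission };
}

// Prefix bare permission names with the intended resource, then refuse a
// list that still spans more than one resource (one access token, one API).
function buildScopes(scopes, resource = POWER_BI) {
  const out = scopes.map((s) =>
    OIDC.has(s) || s.includes("://") ? s : `${resource}/${s}`
  );
  const targets = new Set(
    out.map((s) => describeScope(s).resource).filter((r) => r !== null)
  );
  if (targets.size > 1) {
    throw new Error(`scopes span several resources: ${[...targets].join(", ")}`);
  }
  return out;
}

// Constructed sample input: the scope list from the question.
const requested = ["openid", "Dataset.ReadWrite.All"];
for (const s of requested) console.log(s, "->", describeScope(s).resourceId);
console.log(buildScopes(requested));
```

The array returned by `buildScopes` is what would go in the `scopes` property of the MSAL token request.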
