Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
SauravRajJoshi
Frequent Visitor

Fabric GraphQL API with Microsoft App Registration Endpoint, with OAuth Access Token.

Is there a way to make Fabric GraphQL API work microsoft app registration endpoint, with access tokens and not user sign in.

I have a Fabric GraphQL Api in my workspace. I need to expose the API outside with an access token.

I am trying to use the client_secret, generate a bearer token and access the GraphQL data.

The issue I am facing now is:

```
{
"requestId": "****",
"errorCode": "PrincipalTypeNotSupported",
"message": "The operation is not supported for the principal type"
}
```

Microsoft documentation has this [Connect applications to Fabric API for GraphQL](https://learn.microsoft.com/en-us/fabric/data-engineering/connect-apps-api-graphql). Also they have provided a git hub link to [ fabric-samples](https://github.com/microsoft/fabric-samples/blob/main/docs-samples/data-engineering/GraphQL/Python/s...). This has already worked as a python script using MSAL library, and I was able to access the graphql data.

I have also read this [Generating token for Fabric Rest api using client secret](https://stackoverflow.com/questions/78226072/generating-token-for-fabric-rest-api-using-client-secre...).

I have been able to generate a token using these parameters:

```
URL: https://login.microsoftonline.com/********/oauth2/v2.0/token
Body:
grant_type: client_credentials
client_id: ******
client_secret: *****
scope: 'https://analysis.windows.net/powerbi/api/.default' AND 'https://api.fabric.microsoft.com/.default'
```
Note:
Tried both scopes
As a POST request
The body is in x-www-form-urlencoded with the parameters mentioned above, in postman.


After the token is generated, I am trying another POST request as:

```
URL: https://api.fabric.microsoft.com/v1/workspaces/****/graphqlapis/****/graphql

Headers:
Authorization: Bearer {Token generated above}
Content-Type: application/json

Body
GraphQL type:
{
"query": "{ table1s { items { col1 } } }"
}
```

In the app registration I have given permissions as the doc suggests. Also, I have tried all of the authentications, 'Mobile and desktop applications', 'Web' etc, the
'Allow public client flows' setting is also enabled. I am putting 'http://localhost:52189' as the redirect URL, this was for testing it with the python code as the link above suggested.

The App is an admin in my fabric workspace. I am also the owner, and the cloud Application Administrator of the app.

What more am I missing?

1 ACCEPTED SOLUTION

@SauravRajJoshi I think Stand alone Service Principals are not supported currently in GraphQL. You have to provide delegated permissions to the Service principal for it to access the data from the SQL endpoint. 

 

When you use delegated permissions, you must authenticate the service principal as well as the user. Read the below link to know more. 

 

govindarajan_d_0-1721717026820.png

 

https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview#delegated-acc...

 

https://learn.microsoft.com/en-us/fabric/data-engineering/graphql-faq#does-the-api-for-graphql-clien...

 

View solution in original post

4 REPLIES 4
rubayatyasmin
Super User
Super User

Hi, @SauravRajJoshi 

 

what permission are you giving to the app? I think at least contributor access is required. 

 

refer: c# - Generating token for Fabric Rest api using client secret - Stack Overflow

 

also, check the status code. 

 

Solved: Rest API Access token using OAuth Token - Microsoft Fabric Community


Did I answer your question? Mark my post as a solution!super-user-logo

Proud to be a Super User!


Hi @rubayatyasmin ,

As I have mentioned above, the service principal is an admin in my fabric workspace, I have also added the same link above in my question, I have already followed along every step and given all of the permissions mentioned in the docs and forums.

 

The issues still persists.

@SauravRajJoshi I think Stand alone Service Principals are not supported currently in GraphQL. You have to provide delegated permissions to the Service principal for it to access the data from the SQL endpoint. 

 

When you use delegated permissions, you must authenticate the service principal as well as the user. Read the below link to know more. 

 

govindarajan_d_0-1721717026820.png

 

https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview#delegated-acc...

 

https://learn.microsoft.com/en-us/fabric/data-engineering/graphql-faq#does-the-api-for-graphql-clien...

 

I want to try connecting applications to Fabric API for GraphQL. I'm unsure if the account used to create a GraphQL API in Fabric has to be the same as the Azure account used to create Microsoft Entra?

Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.