March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
Hello everyone,
I'm encountering a persistent issue with handling refresh tokens in my custom Power BI connector, and I could use some expert advice.
Problem Description:
Details:
Token and Expiration: Along with the access token, we receive an expiration time and a refresh token.
Refresh Token Request Issue: When attempting to use the refresh token, the refresh request is sent twice in quick succession:
User Interruption: This issue causes an interruption where a window is displayed asking users to re-enter their credentials while data is being fetched from the API.
Current Implementation:
StartLogin = (resourceUrl, state, display) =>
let
codeVerifier = Text.NewGuid() & Text.NewGuid(),
AuthorizeUrl = authorizationUri
& "?"
& Uri.BuildQueryString(
[
client_id = clientId,
response_type = "code",
code_challenge_method = "plain",
scope = scope,
code_challenge = codeVerifier,
state = state,
redirect_uri = callbackUri
]
)
in
[
LoginUri = AuthorizeUrl,
CallbackUri = callbackUri,
WindowHeight = 800,
WindowWidth = 600,
Context = codeVerifier
];
FinishLogin = (context, callbackUri, state) =>
let
Parts = Uri.Parts(callbackUri)[Query]
in
TokenMethod(Parts[code], "authorization_code", context);
TokenMethod = (code, grant_type, optional verifier) =>
let
codeVerifier = if (verifier <> null) then [code_verifier = verifier] else [],
codeParameter = if (grant_type = "authorization_code") then [code = code] else [refresh_token = code],
query = codeVerifier
& codeParameter
& [
client_id = clientId,
grant_type = grant_type,
redirect_uri = callbackUri
],
ManualHandlingStatusCodes = {400, 403},
Response = Web.Contents(
tokenUri,
[
Content = Text.ToBinary(Uri.BuildQueryString(query)),
Headers = [
#"Content-type" = "application/x-www-form-urlencoded",
#"Accept" = "application/json"
],
ManualStatusHandling = ManualHandlingStatusCodes
]
),
Parts = Json.Document(Response)
in
// check for error in response
if (Parts[error]? <> null) then
error Error.Record(Parts[error], Parts[message]?)
else
Parts;
Refresh = (resourceUrl, refresh_token) =>
TokenMethod(refresh_token, "refresh_token");
// Data Source Kind description
SampleConnector = [
Authentication = [
OAuth = [
StartLogin = StartLogin,
FinishLogin = FinishLogin,
Refresh = Refresh
]
],
Label = "Sample Connector"
];
Hi @Suraj_Ncircle ,
It sounds like your custom Power BI connector is struggling with handling the refresh token properly, causing redundant requests and user interruptions. Please ensure that only one refresh token request is issued at a time:
shared Refresh = (resourceUrl, refresh_token) =>
let
// Ensure only one refresh request is in process at a time
TokenRefresh = createTokenRefreshFunction(refresh_token),
Result = TokenRefresh()
in
Result;
createTokenRefreshFunction = (refresh_token) =>
let
inProgress = false,
cachedToken = null,
refreshTokenFunction = () =>
if inProgress then
cachedToken
else
let
_ = (inProgress := true),
newToken = TokenMethod(refresh_token, "refresh_token"),
_ = (cachedToken := newToken),
_ = (inProgress := false)
in
newToken
in
refreshTokenFunction;
Best Regards
Hi
I have a similar problem and I hope you might be able to help.
I have a custom connector that works. It authenticates to Auth0 and gets a token that expires in 24 hours. The refresh token method also works and the expired token is refreshed.
My problem is that the "refresh_token" itself expires after 7 days and even though my Auth0 is set up to rotate refresh tokens, something is not working there. The refresh token expires and I have to do a manual refresh (re-sign-in to generate a new token) before 7 days in order for the next 7 days of refreshing kicks in.
So, my question is this: what do I need to do to get the rotated refresh token to be used?
The bit about all this that puzzles me is that even though the refresh token rotation is enabled on Auth0, I guess it is not really rotating the refresh token because, if it was, the second attempt to refresh using the old refresh token would fail.
At any rate, the symptoms of what is happening seems to indicate that the refresh token is not rotating and the old refresh token is reused until it expires (in 7 days in my case)
Here is my code if it helps any:
StartLogin = (dataSourcePath, state, display) =>
let
json = Json.Document(dataSourcePath),
codeVerifier = Text.NewGuid() & Text.NewGuid(),
codeChallenge = Base64UrlEncodeWithoutPadding(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(codeVerifier, TextEncoding.Ascii))),
AuthorizeUrl = json[auth_url] & "?" & Uri.BuildQueryString([
client_id = json[client_id],
state = state,
redirect_uri = redirect_uri,
scope = DataMosaixDefaults[Scope],//json[scope],
audience = DataMosaixDefaults[Audience],//json[audience],
code_challenge_method = "S256",
code_challenge = codeChallenge,
response_type = "code"])
in
[
LoginUri = AuthorizeUrl,
CallbackUri = redirect_uri,
WindowHeight = windowHeight,
WindowWidth = windowWidth,
Context = [code_verifier = codeVerifier]
];
FinishLogin = (clientApplication, dataSourcePath, context, callbackUri, state) =>
let
json = Json.Document(dataSourcePath),
Parts = Uri.Parts(callbackUri)[Query]
in
TokenMethod("authorization_code", json[deployment], Parts[code], json[token_url], json[client_id], context);
Refresh = (dataSourcePath, refreshToken, oldCredential) =>
let
json = Json.Document(dataSourcePath),
refreshToken = oldCredential[refresh_token],
result = TokenMethod("refresh_token", json[deployment], refreshToken, json[token_url], json[client_id])
in
result;
TokenMethod = (grant_type, deployment, authCode, token_url, client_id, optional context) =>
let
CodeVerifier = if (context <> null) then [code_verifier = context[code_verifier]] else [],
Parameters = if (grant_type = "authorization_code") then [ redirect_uri = redirect_uri, code = authCode ] else [ refresh_token = authCode ],
Response = Web.Contents(token_url, [
Content = Text.ToBinary(Uri.BuildQueryString([
client_id = client_id,
grant_type = grant_type,
redirect_uri = redirect_uri] & Parameters & CodeVerifier)),
Headers=[#"Content-type" = "application/x-www-form-urlencoded",#"Accept" = "application/json"]]),
RefreshToken = if (grant_type = "authorization_code") then [] else [ refresh_token = authCode ],
Parts = Json.Document(Response)
in
Parts;
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!
Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.
User | Count |
---|---|
8 | |
1 | |
1 | |
1 | |
1 |
User | Count |
---|---|
9 | |
3 | |
2 | |
2 | |
2 |