Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
299 views
in Technique[技术] by (71.8m points)

python - Client-credentials don't work for powerBI REST API

I'm trying to implement the daemon authentication flow. The following post request returns me an access token with the right scope:

p_url = 'https://login.microsoftonline.com/' + 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + '/oauth2/token'
data = { 'grant_type':'client_credentials',
         'client_id': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
         'client_secret': 'L------------------------------------------=',
         'resource':'https://analysis.windows.net/powerbi/api' }
r = requests.post(url=p_url, data=data)

I receive the following response

{
  "access_token" : "ey------------"
  "expires_on" : "1454857253",
  "not_before" : "1454853353",
  "expires_in" : "3600",
  "token_type" : "Bearer",
  "scope" : "Dashboard.Read.All Data.Alter_Any Dataset.Read.All Dataset.ReadWrite.All Report.Read.All",
  "resource" : "https://analysis.windows.net/powerbi/api"
}

response = json.loads(r.text)
token = response['access_token']
headers = { 'Authorization': 'Bearer ' + token }
response = requests.get('https://api.powerbi.com/v1.0/myorg/datasets', headers=headers)

I use the endpoint from the applications "view endpoints" page. However, when I attempt to get list of "datasets" I always receive 403. What might be missing from the acquire token process?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Your flow is a bit short. REST call for datasets seems OK, but as far as I know, you have to request the access token by authorization code, not client credentials alone.

1) Get authorization code

Depends on your flow, for website it will be received during logon process or call to /oauth2/authorize with { 'response_type':'code }

2) Get access token

With authorization code in a variable, you have to modify your request to include to authorization code, like this (grant_type and code fields are altered):

p_url = 'https://login.microsoftonline.com/' + 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + '/oauth2/token'
data = { 'grant_type':'authorization_code',
     'client_id': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
     'client_secret': 'L------------------------------------------=',
     'code': authorizationCodeForSingedInUser,
     'resource':'https://analysis.windows.net/powerbi/api' }
r = requests.post(url=p_url, data=data)

Basically saying, you have to have a user account that accesses the Power BI resource. Your website (clientid + secret) are not authorized by itself. There must be a user involved.

What's more, afaik only "organization account" users can access power bi.

To be explicit and underline the main cause in this thread, post and comments: Power BI REST API can only be used via User with credentials with Organizational Account and be already signed in (activated) Power BI on Power BI portal. You can check if REST Api will work by checking if this user is able to use Power BI portal manually.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...