is "Client_credential" grant type can be used to access powerBI scopes?

Question

In my project, I am trying to get embed report information from powerBI without interactive login. so far I am able to get the information using "password" grant; when I am trying to do the same thing using "Password" grant, it is giving me "unauthorized" error. I have hosted the application in my link to github.

explaination of the use:

Get access token to get access token for authentication.

var form = new Dictionary<string, string>();
form["grant_type"] = "password";
form["username"] = _config.Azure.Username;
form["password"] = _config.Azure.Password;
form["client_id"] = _config.Azure.ClientID;
form["client_secret"] = _config.Azure.ClientSecret;
form["scope"] = string.Join(" ",_config.Azure.Scopes);
var content = new FormUrlEncodedContent(form);
var input = new HttpInputModel
{
   BaseAddress = $"{_config.Azure.AuthorityUrl}/{_config.Azure.TenantID}/",
   Content = content,
   Headers = new Dictionary<string, string>
       {
           { "Content-Type","application/x-www-form-urlencoded" }
       },
   Url = "oauth2/v2.0/token"
};

use the above accesstoken came from above to get powerBI client.

var token = await _azureService.GetAccessToken();
var tokenCredentials = new TokenCredentials(token, "Bearer");
_client = new PowerBIClient(new Uri(_config.PowerBI.ApiUrl), tokenCredentials);

use the client to retrieve report information.

var workspaceId = reportInput.WorkspaceID;
var reportId = reportInput.ReportID;
var report = await _client.Reports.GetReportInGroupAsync(workspaceId, reportId);
var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
var tokenResponse = await _client.Reports.GenerateTokenAsync(workspaceId, reportId, generateTokenRequestParameters);
var output = new ReportOutput
{
     Username = _config.PowerBI.Username,
         EmbdedToken = tokenResponse,
         EmbedUrl = report.EmbedUrl,
         Id = reportInput.ReportID.ToString()
};
return output;

Conclusion: at the step 1: you can see I am using password grant type. When I tried "client_crdentials" in place of "password" and did not give "username" and "password". The generated "accesstoken" was giving "Unauthorized" exception in step 3.

Note:I have tried to search in a lot of forums and some of them say we can use "serviceprincipal". But I am not able to do that.

Please add the relevant code to the question, not just links to external sites — James Z, Jul 13 '21 at 09:13

score 0 · Answer 1 · answered Jul 15 '21 at 07:07

I tried to follow the microsoft article for it and in that article they have mentioned to add SPN in pwoerBI. I tried that alot of times but it never worked for me. Then i used another account andbit worked there so it was my accounts problem which was not allowing me to add SPN. I already posted whole solution in github eith steps. Here is the link: https://github.com/Donjay2101/API--access-powerbi-without-login

is "Client_credential" grant type can be used to access powerBI scopes?

1 Answers1