Open Closed

PowerBI Embed access token issue with ABP #5720


User avatar
0
Sagar.chinna created
  • ABP Framework version: 7.3.2
  • UI Type: MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Using Azure AD for Login to the ABP application and trying to call PowerBI API for embed the reports.

Azure Code

Token is generated by following post. https://support.abp.io/QA/Questions/5253/Token--Authentication

But token generated while login to the application not accepted by the PowerBI API

Azure AD API Permissions

Token is getting by the following code

public override async Task SignInAsync(IdentityUser user, AuthenticationProperties authenticationProperties, string authenticationMethod = null) { if (authenticationMethod == "AzureOpenId") // is github external login { var githubAuthenticateResult = await Context.AuthenticateAsync(IdentityConstants.ExternalScheme); if (githubAuthenticateResult.Succeeded) { if (githubAuthenticateResult.Properties != null) { authenticationProperties.StoreTokens(githubAuthenticateResult.Properties.GetTokens()); } } }

        await base.SignInAsync(user, authenticationProperties, authenticationMethod);
    }
}

access_token = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);

I am trying to fetch the data from the powerBI API by passing the token, but token is not accepted by the power BI API

$.ajax({ type: "GET", url: "https://api.powerbi.com/v1.0/myorg/groups", headers: { "Authorization": Bearer ${access_token} }, contentType: "application/json; charset=utf-8", success: function(data) { ....

We are trying the get the data from PowerBI API by using the AzureAD access token generated while login to the abp application.

But token not working for PowerBI API

Note: User has permission to access PowerBI Dashboards, Reporst, Datasets.

Please help to resolve the issue.

Thank you ABP.


5 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello Sagar.chinna,

    We are trying to reproduce this issue, but it will take some time. Please have a look at the links below if you think they may be useful. https://community.fabric.microsoft.com/t5/Service/Power-BI-Rest-API-wont-accept-Application-Token/m-p/2510908 https://community.fabric.microsoft.com/t5/Service/Power-BI-Rest-API-wont-accept-Application-Token/m-p/2514468#M160047

    Also could you please check you token details on https://jwt.io/ and share a screenshot of decoded details only

    Please do let me know if anything else is needed.

    Thank You, Anjali

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    hi

    what i want to check is for the scopes can you see if you have this scope in the token that you are getting inside abp from jwt.io?

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    can you remove

    and add scopes like this

    please try this i am able to get reports like this.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    i didn't do any changes suggested on this ticket https://support.abp.io/QA/Questions/5253/Token--Authentication. here is the code that i have only added to abp io new mvc template

    added https://localhost:44350/signin-oidc as redirecturi in AzureAd App

    Step 1 Changes in web module

    Step 2 Changes in Pages/Account/Login.cshtml (note you have to create the Login.cshtm file and Account folder manually)

    Login.cshtml.cs code

    using Jupiter.Web;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.Options;
    using Owl.reCAPTCHA;
    using System;
    using System.Linq;
    using System.Threading.Tasks;
    using Volo.Abp.Account.ExternalProviders;
    using Volo.Abp.Account.Public.Web;
    using Volo.Abp.Account.Public.Web.Pages.Account;
    using Volo.Abp.Account.Security.Recaptcha;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp.Security.Claims;
    
    namespace Jupiter.Web.Pages.Account
    {
        [ExposeServices(typeof(LoginModel))]
        [Dependency(ReplaceServices = true)]
        public class AppLoginModel : LoginModel
        {
            private readonly IConfiguration _configuration;
            public AppLoginModel(IAuthenticationSchemeProvider schemeProvider, IOptions< AbpAccountOptions > accountOptions, IAbpRecaptchaValidatorFactory recaptchaValidatorFactory, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IOptions< IdentityOptions > identityOptions, IOptionsSnapshot< reCAPTCHAOptions > reCaptchaOptions, IConfiguration configuration) : base(schemeProvider, accountOptions, recaptchaValidatorFactory, accountExternalProviderAppService, currentPrincipalAccessor, identityOptions, reCaptchaOptions)
            {
                _configuration = configuration;
            }
    
            public override async Task< IActionResult > OnGetExternalLoginCallbackAsync(string returnUrl = "", string returnUrlHash = "", string remoteError = null)
            {
                var token = await SignInManager.GetExternalLoginInfoAsync();
                var accessToken = token?.AuthenticationTokens?.FirstOrDefault(x => x.Name == "access_token");
                var powerbi = new PowerBiServiceApi(_configuration, accessToken?.Value ?? string.Empty);
                HttpContext.Response.Cookies.Append("AuthToken", accessToken?.Value ?? string.Empty);
                var report = await powerbi.GetReport(Guid.Parse("workspaceid"), Guid.Parse("reportid"));
                return await base.OnGetExternalLoginCallbackAsync(returnUrl, returnUrlHash, remoteError);
            }
        }
    }
    
    

    Here is the code for PowerBiServiceApi

    using Microsoft.PowerBI.Api;
    using Microsoft.Rest;
    using System.Threading.Tasks;
    using System;
    using Microsoft.Extensions.Configuration;
    
    namespace Jupiter.Web
    {
        public class EmbeddedReportViewModel
        {
            public string Id;
            public string Name;
            public string EmbedUrl;
            public string Token;
        }
    
        public class PowerBiServiceApi
        {
            private string urlPowerBiServiceApiRoot { get; }
            private string AccessToken { get; }
    
            public PowerBiServiceApi(IConfiguration configuration, string accessToken)
            {
                this.urlPowerBiServiceApiRoot = configuration["PowerBi:ServiceRootUrl"];
                AccessToken = accessToken;
            }
    
            public static readonly string[] RequiredScopes = new string[] {
             "https://analysis.windows.net/powerbi/api/Report.Read.All"
         };
    
            public PowerBIClient GetPowerBiClient()
            {
                var tokenCredentials = new TokenCredentials(AccessToken, "Bearer");
                return new PowerBIClient(new Uri(urlPowerBiServiceApiRoot), tokenCredentials);
            }
    
            public async Task<EmbeddedReportViewModel> GetReport(Guid WorkspaceId, Guid ReportId)
            {
                PowerBIClient pbiClient = GetPowerBiClient();
                // Call the Power BI Service API to get embedding data
                var report = await pbiClient.Reports.GetReportInGroupAsync(WorkspaceId, ReportId);
    
                // Return report embedding data to caller
                return new EmbeddedReportViewModel
                {
                    Id = report.Id.ToString(),
                    EmbedUrl = report.EmbedUrl,
                    Name = report.Name,
                    Token = AccessToken
                };
            }
    
        }
    }
    
    

    Note i have save the azure ad access token to Cookies so you can access the token to make call while getting reports and workspace.

    do let me know if this doesn't work.

  • User Avatar
    0
    Sagar.chinna created

    Hi

    can you remove

    and add scopes like this

    please try this i am able to get reports like this.

    Hi Anjali, These changes are fine for get the access token for power BI.

    Thank you so much! :)

Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35