客户端凭证不适用于powerBI REST API [英] Client-credentials don't work for powerBI REST API

查看：190 发布时间：2020/5/3 9:17:43 python rest authentication adal powerbi

本文介绍了客户端凭证不适用于powerBI REST API的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试实现守护程序身份验证流程. 以下发布请求向我返回了具有正确范围的访问令牌:

p_url = 'https://login.microsoftonline.com/' + 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + '/oauth2/token'
data = { 'grant_type':'client_credentials',
         'client_id': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
         'client_secret': 'L------------------------------------------=',
         'resource':'https://analysis.windows.net/powerbi/api' }
r = requests.post(url=p_url, data=data)

我收到以下回复

{
  "access_token" : "ey------------"
  "expires_on" : "1454857253",
  "not_before" : "1454853353",
  "expires_in" : "3600",
  "token_type" : "Bearer",
  "scope" : "Dashboard.Read.All Data.Alter_Any Dataset.Read.All Dataset.ReadWrite.All Report.Read.All",
  "resource" : "https://analysis.windows.net/powerbi/api"
}

response = json.loads(r.text)
token = response['access_token']
headers = { 'Authorization': 'Bearer ' + token }
response = requests.get('https://api.powerbi.com/v1.0/myorg/datasets', headers=headers)

我使用应用程序查看端点"页面中的端点. 但是，当我尝试获取数据集"列表时，我总是收到403.获取令牌过程中可能缺少什么?

解决方案

您的流程有点短.对数据集的REST调用似乎还可以，但是据我所知，您必须通过授权代码而不是仅客户端凭据来请求访问令牌.

1)获取授权码

取决于您的流量，对于网站，它将在登录过程中收到，或通过{'response_type':'code}致电/oauth2/authorize

2)获取访问令牌

在变量中使用授权码时，您必须修改请求以包括在授权码中，如下所示(grant_type和code字段已更改):

p_url = 'https://login.microsoftonline.com/' + 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + '/oauth2/token'
data = { 'grant_type':'authorization_code',
     'client_id': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
     'client_secret': 'L------------------------------------------=',
     'code': authorizationCodeForSingedInUser,
     'resource':'https://analysis.windows.net/powerbi/api' }
r = requests.post(url=p_url, data=data)

基本上，您必须具有访问Power BI资源的用户帐户.您的网站(clientid +机密)未经其自身授权.必须有一个用户参与.

此外，只有afaik的组织帐户"用户可以访问power bi.

为明确起见并强调此线程的主要原因，请发表和评论:Power BI REST API仅可通过具有组织帐户凭据的用户使用，并且已经在 Power BI门户来检查REST Api是否可以正常工作. >

I'm trying to implement the daemon authentication flow. The following post request returns me an access token with the right scope:

p_url = 'https://login.microsoftonline.com/' + 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + '/oauth2/token'
data = { 'grant_type':'client_credentials',
         'client_id': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
         'client_secret': 'L------------------------------------------=',
         'resource':'https://analysis.windows.net/powerbi/api' }
r = requests.post(url=p_url, data=data)

I receive the following response

{
  "access_token" : "ey------------"
  "expires_on" : "1454857253",
  "not_before" : "1454853353",
  "expires_in" : "3600",
  "token_type" : "Bearer",
  "scope" : "Dashboard.Read.All Data.Alter_Any Dataset.Read.All Dataset.ReadWrite.All Report.Read.All",
  "resource" : "https://analysis.windows.net/powerbi/api"
}

response = json.loads(r.text)
token = response['access_token']
headers = { 'Authorization': 'Bearer ' + token }
response = requests.get('https://api.powerbi.com/v1.0/myorg/datasets', headers=headers)

I use the endpoint from the applications "view endpoints" page. However, when I attempt to get list of "datasets" I always receive 403. What might be missing from the acquire token process?

解决方案

Your flow is a bit short. REST call for datasets seems OK, but as far as I know, you have to request the access token by authorization code, not client credentials alone.

1) Get authorization code

Depends on your flow, for website it will be received during logon process or call to /oauth2/authorize with { 'response_type':'code }

2) Get access token

With authorization code in a variable, you have to modify your request to include to authorization code, like this (grant_type and code fields are altered):

p_url = 'https://login.microsoftonline.com/' + 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + '/oauth2/token'
data = { 'grant_type':'authorization_code',
     'client_id': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
     'client_secret': 'L------------------------------------------=',
     'code': authorizationCodeForSingedInUser,
     'resource':'https://analysis.windows.net/powerbi/api' }
r = requests.post(url=p_url, data=data)

Basically saying, you have to have a user account that accesses the Power BI resource. Your website (clientid + secret) are not authorized by itself. There must be a user involved.

What's more, afaik only "organization account" users can access power bi.

To be explicit and underline the main cause in this thread, post and comments: Power BI REST API can only be used via User with credentials with Organizational Account and be already signed in (activated) Power BI on Power BI portal. You can check if REST Api will work by checking if this user is able to use Power BI portal manually.

这篇关于客户端凭证不适用于powerBI REST API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

客户端凭证不适用于powerBI REST API [英] Client-credentials don't work for powerBI REST API

问题描述

相关文章

Python最新文章

热门教程

热门工具

登录关闭

客户端凭证不适用于powerBI REST API [英] Client-credentials don&#39;t work for powerBI REST API

问题描述

相关文章

Python最新文章

热门教程

热门工具

登录 关闭

客户端凭证不适用于powerBI REST API [英] Client-credentials don't work for powerBI REST API

登录关闭