my team and I are trying to embed a PowerBi Report using the PowerBiEmbed component in order to visualize it without repeating the signin procedure every time you access to the dashboard app in a Microsoft Teams context.
Basically, we are missing how to generate the Bearer access token to use in the API request https://api.powerbi.com/v1.0/myorg/groups/{MY_WORKSPACE_ID}/reports/{MY_REPORT_ID}/GenerateToken
to generate the actual token to use in embedding inside the component.
We figured out that using the token that PowerBi actually use when you login into its client, grabbed from the resource headers through inspection, has a particular scope (user_impersonation) that we are trying to replicate in some way because, using that token in Postman requests, we are obtaining the embed token correctly and everything works fine.
So our and my doubts are:
- Microsoft has to generate this access token somewhere when i login, where and/or how?
- which api do we need to call to get this bearer access token? is it
https://login.microsoftonline.com/common/oauth2/authorize? Or is there an SDK or something that implements these calls? - do we need to configure an AAD client application? If so, what permission should we check?
- is there a way to get this special access token with user_impersonation scope?
- if i'm already in an authenticated context (i.e. Teams) can I skip this authentication step?
I really need some clarification about this kind of stuffs.
Could you please try use this requset to generate access token and use this token to take a try?
And app api permission in azure ad application.
I can call this api in my side: