How to get a Bearer access_token to embed a PowerBi Report using PowerBiEmbed React component in MS Teams context?


My team and I are trying to embed a PowerBi Report using the PowerBiEmbed component in order to visualize it without repeating the sign-in procedure every time you access the dashboard app in a Microsoft Teams context.

Basically, we are missing how to generate the Bearer access token to use in the API request https://api.powerbi.com/v1.0/myorg/groups/{MY_WORKSPACE_ID}/reports/{MY_REPORT_ID}/GenerateToken to generate the actual token to use in embedding inside the component.

We figured out that the token that PowerBi actually uses when you log into its client, grabbed from the resource headers through inspection, has a particular scope (user_impersonation) that we are trying to replicate in some way because, using that token in Postman requests, we obtain the embed token correctly and everything works fine.

So our and my doubts are:

  • Microsoft has to generate this access token somewhere when I log in; where and/or how?
  • Which API do we need to call to get this bearer access token? Is it https://login.microsoftonline.com/common/oauth2/authorize? Or is there an SDK or something that implements these calls?
  • Do we need to configure an AAD client application? If so, what permission should we check?
  • Is there a way to get this special access token with user_impersonation scope?
  • If I'm already in an authenticated context (i.e. Teams), can I skip this authentication step?

I really need some clarification about this kind of stuff.

1

There are 1 answers

2
Tiny Wang On

Could you please try using this request to generate an access token, and then try that token?

POST {tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=xxxx
&scope=https://analysis.windows.net/powerbi/api/Report.ReadWrite.All
&username={user-principal-name}
&password=xxx
&grant_type=password

And the app API permission in the Azure AD application.

I can call this API on my side.
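The flow discussed in this thread, as an added example that is not code from the question, the answer or Microsoft: it builds the form body of the token request above, decodes the returned token's claims for inspection (as the asker did by hand) and builds the GenerateToken call. Assumptions: the expected `aud` value is the resource part of the scope in the answer, `accessLevel: "View"` is the GenerateToken body, and the helper names and sample claims are constructed for illustration.

```javascript
// Added example; all sample values are constructed and no network call is made.
const RESOURCE = "https://analysis.windows.net/powerbi/api"; // assumption: expected aud

// Form body for the POST {tenant}/oauth2/v2.0/token request shown in the answer.
function buildTokenRequestBody({ clientId, username, password, scope }) {
  return new URLSearchParams({
    client_id: clientId, scope, username, password, grant_type: "password",
  }).toString();
}

// Decode the JWT payload for inspection only; the signature is NOT verified here.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Check audience, delegated scope (scp) and expiry before calling GenerateToken.
function checkPowerBiToken(token, requiredScope, nowSeconds) {
  const claims = decodeJwtPayload(token);
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  const problems = [];
  if (claims.aud !== RESOURCE) problems.push(`unexpected aud: ${claims.aud}`);
  if (!scopes.includes(requiredScope)) problems.push(`missing scope: ${requiredScope}`);
  if (!(claims.exp > nowSeconds)) problems.push("token expired");
  return { ok: problems.length === 0, problems, scopes };
}

// Request description for the GenerateToken endpoint named in the question.
function buildGenerateTokenRequest(workspaceId, reportId, accessToken) {
  const ws = encodeURIComponent(workspaceId), rp = encodeURIComponent(reportId);
  return {
    url: `https://api.powerbi.com/v1.0/myorg/groups/${ws}/reports/${rp}/GenerateToken`,
    method: "POST",
    headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json" },
    body: JSON.stringify({ accessLevel: "View" }),
  };
}

// Builds an unsigned, constructed token so the checks can be run offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
```

The password grant hands the user's credentials to the calling app and does not work for accounts that require MFA, so the token request belongs on a backend rather than in the React client.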