Receiving a 'Forbidden (403)' when connecting to Power BI API

Question

We\'ve been trying to follow this Power BI article so that we can embed reports/dashboards in our SaaS product. Specifically, we\'re stuck at Step 3, \'Create the Embed Token.\

Answer 1

You are using client credential flow to acquire token for Power BI API . Currently , Power BI REST API only supports delegated permissions but does not support any application permissions . So your access token get insufficient access. To use Power BI, authentication needs to be based on a particular user. Related thread here and here are for your reference .

According to your document ,the scenario is app owns access to the data. Users will not necessarily be Power BI users and the application controls authentication and access for the end users. Then you can use resource owner flow to acquiring token .

A sample of this is available within Controllers\HomeController.cs of the App Owns Data sample.

From the code sample , it is acquring token using a user password credential ,not application's credential :

            // Create a user password cradentials.
            var credential = new UserPasswordCredential(Username, Password);

            // Authenticate using created credentials
            var authenticationContext = new AuthenticationContext(AuthorityUrl);
            var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl, ClientId, credential);

Please refer to Authenticate users and get an Azure AD access token for your Power BI app and check the Access token for non-Power BI users (app owns data) section .