AcquireTokenAsync(resource, clientId, userCreds) does not function in PowerShell #1130
Comments
|
What version of PowerShell are you using? And of ADAL? Could you paste a code sample of how you are calling AcquireTokenAsync from PS? |
|
PS Version: 5.1.15063 ADAL version: tried with all the 3.X versions. All failed. Latest working is V. 2.18 |
|
Which overload of AcquireTokenAsync are you using? public async Task AcquireTokenAsync( |
|
No This overlaod method is shown and works perfectly in C# but for some reasons does not appear in PS. |
|
Got it, I know what the problem is. This overload of AcquireTokenAsync was moved to an extension class. I believe the reason for this was to make it less discover-able (sic) since we don't encourage using this low. So to invoke it from PowerShell you would use smth like:
|
|
Tried this code like you suggested but result in Could you please suggest how to modify it for let it working?
|
|
@sgiovinetti - you need to use the fully qualified name for AuthenticationContextIntegratedAuthExtensions, i.e.
|
|
Oh and by the way, PS 5+ does have a using namespace construct, i.e. ` $adalDll = [Reflection.Assembly]::LoadFile("<path_to>\Microsoft.IdentityModel.Clients.ActiveDirectory.dll") $ADAuthorityURL = "https://login.windows.net/common/oauth2/authorize/" Write-Host "Retrieving the AAD Credentials..."; $credential = New-Object UserPasswordCredential($AADuserName, $AADpassword); $ResultAAD = $authenticationResult.AccessToken; |
|
Great this works! |
|
@bgavrilMS FYI, I've added a small paragraph in the conceptual documentation: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Acquiring-tokens-with-username-and-password#using-the-usernamepassword-flow-from-powershell |
This comment has been minimized.
This comment has been minimized.
|
@bgavrilMS and @jmprieur : why this flow is not recommended by MS and at the same time is the unique method for retrieving an AAD token valid for calling the Power BI generate token API for embedding a dashboard in "App owns data" scenario like is referenced here and also in this code? |
|
@sgiovinetti : Username/Password is not recommended for many reasons, explained in #482. In particular it is not compatible with Azure AD tenants where the administrator has enabled conditional access policies (for instance two factor authentication) We need to work with the PowerBI people so that they change their samples to use the Onbehalf of flow or the client credentials flow. |
|
@jmprieur: client credentials flow does not function in PBI. I checked already in a call with MS support. You need to authenticate passing a user identity because on MS/PBI side they use to validate that you own a PBI pro license. Maybe the Onbehalf of flow is the unique viable solution but I was not able to find any sample anywhere. Would be great if you can provide one. |
|
@sgiovinetti : On-behalf-of is explained in Service to service calls on behalf of the user, and there are 2 samples (see the bottom of that page) |
|
@jmprieur : This 2 samples imply that user login interactively. This is not the PBI scenario. Here we have an internet web app where users do not authenticate at all. The app backend needs to call the Power BI API impersonating what MS calls master user that is a unique fictitious user that owns a PBI pro license and requires the PBI dashboards/reports etc. on behalf of all the internet not authenticated users. If there is another way please share and align with PBI product team because they say that password flow is the unique working for embedding PBI dashbaords/reports etc. |
AcquireTokenAsync(resource, clientId, userCreds)throwsCannot find an overload for "AcquireTokenAsync" and the argument count: "3".in PowerShell.The same method call works perfectly in .NET.
This is an issue only affecting ADALV3 and above. V2 works correctly.
The text was updated successfully, but these errors were encountered: