Reputation: 11019
Authenticating with ADAL via REST
I would like to be able to make some API calls to Microsoft Power BI. According to the overview documentation a token needs to be obtained using ADAL (Active Directory Authorization Library). I was planning to interface with Power BI via a REST interface but I am not sure how I go about authenticating with ADAL using a REST interface (i.e. purely via HTTP). Examples I have found all show authenticating with ADAL directly with an ADAL DLL and server on premises. Nothing over HTTP.
Has anyone performed authentication with ADAL via a REST implementation?
Upvotes: 0
Views: 657
Answers (1)
Reputation: 156
For ADAL, the first step is to register the application. There is a sample that covers that topic in the Readme of the PowerBI-Developers-Repo in GitHub here. Once you have an application registration created, ADAL token acquisition is could be different depending on whether you are trying to get an App Only token or token for a User. This is dependent on the whether in the application registration you gave it App Permissions (service or daemon, full access to the data) or Delegated Permissions (user scoped, the API can only have access to what the current user has permission). The concepts are discussed in some detail here.
So purely using REST Delegated token acquisitions would be hard, as ADAL requires interaction with the user. However, for a good proof of concept, the App-only token is meant for non-interaction. That is documented here in the Microsoft Docs for Azure Active Directory. That acquisition would be a simple POST like this:
POST <https://login.microsoftonline.com/{tenant}/oauth2/token> HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id={application id from the Application registration}
&client_secret={Application Key from Azure AD registration}
&resource=https%3A%2F%analysis.windows.net/powerbi/api%2F
The full detail on that call is available here.
For the user token, you could do this:
// Line breaks for legibility only
https://login.microsoftonline.com/{tenant}/oauth2/authorize?
client_id={Application ID from the registration}
&response_type=token
&redirect_uri={URL encoded redirect from application registration}
&response_mode=query
&resource=https%3A%2F%analysis.windows.net/powerbi/api%2F
&state=12345
The problem with this is that it will have interactive login for the user, so not really REST in that case. If you just browsed to that URL in your browser, replacing {tenant} with your tenant name or ID, the redirect will have a URL parameter access_token that will be your JWT token. But for a per REST test and learning, I'd suggest trying the App-only token method first. Once you have that just add the Header: Authorization: bearer access_token to your REST calls for the API.
Upvotes: 2
Related Questions
- ADAL.JS - Support POST method? Support normal auth code flow?
- Pass SAML response from a Web App to the REST API for authentication?
- Reproducing an ADAL.JS-authenticated request in Postman
- Auth0 and ADAL.NET
- ADAL v3: How to authenticate using UserPasswordCredential?
- How to access and use Delegated Adal token
- Cant authenticate user silently with ADAL for Office 365 REST API on ASP.NET MVC
- Adal authenticate to a different authority
- ADAL and OAuth Assertion flow
- ADAL: The request body must contain the following parameter: client_secret