migueesc123 / PowerBIRESTAPI

A Microsoft Power BI Data Connector or Power Query Connector for the Power BI REST API
MIT License

AAD Token not refreshing (60 min lifetime) #82

Closed jgibbycsc closed 3 years ago

jgibbycsc commented 3 years ago

Hello, our token lifetime is set to 60 minutes. When refreshing from Power BI Service, the refresh operation runs for about an hour, then we get 403 Access Forbidden and the refresh fails. This is when querying Datasources as Admin. Is there logic in the pq to refresh the token at an interval or with every call to the API?

Thanks, Joel

klinejordan commented 3 years ago

Not that I am aware of but I'm not really in the weeds with the authentication part of this connector.

The Dataset Datasources As Admin query is also explicitly called out as being experimental because it has known performance issues in even medium sized tenants.

migueesc123 commented 3 years ago

@jgibbycsc it depends on the version of the connector that you're using. Are you using the currently published version? If yes, that uses a specific application provided by Microsoft to run the refreshes. This application is private and has a first level of trust with all tenants under the AAD ecosystem. It handles pretty much everything for you including the refresh token mechanism.

If you're using a prior version of the connector that required you to enter your own web application and secret key, then that one also handles the RefreshToken as well.

How a connector works is that when it fails for a reason such as a 401 during a refresh process, it'll try to execute the refresh token component of your code to get a new token and try again with that one. If for some reason your refresh token has expired or has been invalidated, then the full refresh process will be halted.

The documentation below might give you more info as to how things work with custom connectors: https://docs.microsoft.com/en-us/power-query/samples/github/readme#oauth-and-power-bi

My best recommendation is for you to monitor with something like Fiddler what calls are being made by your gateway and see exactly when the error happens and why. That would be the best way to troubleshoot the scenario that you're describing.
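A small model of the retry behaviour described in the comment above, added here as an example; it is not code from the thread or from the connector. `FakeIdP`, `FakeApi` and `run_refresh` are hypothetical names, the token service is a constructed stand-in rather than the Azure AD API, and the 60-minute lifetime is the one from the original question.

```python
ACCESS_LIFETIME = 60 * 60  # seconds; the 60-minute token lifetime from the issue


class RefreshTokenInvalid(Exception):
    """Refresh token expired or invalidated: the whole refresh run halts."""


class FakeIdP:
    """Constructed stand-in for a token endpoint (assumption, not Azure AD)."""

    def __init__(self, refresh_valid_until):
        self.refresh_valid_until = refresh_valid_until
        self.refreshes = 0

    def refresh(self, now):
        if now >= self.refresh_valid_until:
            raise RefreshTokenInvalid("refresh token expired or invalidated")
        self.refreshes += 1
        return {"id": self.refreshes, "expires_at": now + ACCESS_LIFETIME}


class FakeApi:
    """Constructed API: answers 401 once the presented access token has expired."""

    def get(self, token, now):
        return 200 if now < token["expires_at"] else 401


def run_refresh(idp, api, call_times):
    """Replay API calls made at the given times (seconds since the run started).

    On a 401 the access token is renewed with the refresh token and the call is
    retried once; if the renewal fails, the exception ends the run.
    """
    token = {"id": 0, "expires_at": ACCESS_LIFETIME}  # token from initial sign-in
    statuses = []
    for now in call_times:
        status = api.get(token, now)
        if status == 401:
            token = idp.refresh(now)      # raises RefreshTokenInvalid -> run halts
            status = api.get(token, now)  # single retry with the new token
        statuses.append(status)
    return statuses, idp.refreshes


if __name__ == "__main__":
    # A run of just over two hours with a refresh token valid for a day.
    print(run_refresh(FakeIdP(24 * 3600), FakeApi(), [0, 1800, 3599, 3600, 5400, 7300]))
```

When comparing this model against a proxy capture of a real refresh, the things to look for are the status code returned at the moment the access token expires and whether a token renewal request follows it.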

Chris-Burgess-ACTGOV commented 3 years ago

@migueesc123 re:

.... uses a specific application provided by Microsoft to run the refreshes. This application is private and has a first level of trust with all tenants under the AAD ecosystem.

Is there any doco on this, or can you point me to MS source or how to request suchlike for our tenancy? (At the minute we cannot use custom connectors and are going down the 'extend token to 12/24' path or looking at an AAD service account to expose and consume refresh token (not preferred), so any intel on the 'app' super appreciated!!)

Cheers

Chris

migueesc123 commented 3 years ago

@Chris-Burgess-ACTGOV here’s the documentation to that component inside the custom connector: https://docs.microsoft.com/en-us/power-query/handlingauthentication#azure-active-directory-authentication

It briefly talks about that Microsoft registered application that handles the OAuth when the AAD auth is defined for the custom connector.

migueesc123 commented 3 years ago

Closing as this goes beyond the scope of what we can do with the custom connector.

I suggest getting in touch with the Microsoft team behind custom connectors for a more thorough explanation around how the AAD authentication kind works for custom connectors on their repo https://github.com/Microsoft/DataConnectors/