Authentication not granted for service principal token in MS Fabric API using Python
I am trying to connect to OneLake API in Microsoft Fabric using Python in VScode.
So far I have
- Registered an app in Azure with these API permissions
- Then created a secret for my service principal
- Then I try to get the token with this function, using azure.identity:
from azure.identity import ClientSecretCredential, AuthenticationRequiredError
def get_access_token(app_id, client_secret, directory_id):
try:
# Create the ClientSecretCredential using the provided credentials
credential = ClientSecretCredential(
client_id=app_id,
client_secret=client_secret,
tenant_id=directory_id
#scope="https://storage.azure.com/.default"
)
# Use the credential to get the access token
token = credential.get_token("https://storage.azure.com/.default").token
return token, credential
except AuthenticationRequiredError as e:
print("Authentication failed. Please check your credentials.")
raise e
except Exception as e:
print("An error occurred while getting the access token:")
print(str(e))
raise e
access_token, credential = get_access_token(app_id, client_secret, directory_id)
It seems I get the token fine and all. But there is something wrong with the permissions or scope or access. Because when I run this function to check for connection i get status code 400
def check_connection_with_onelake(access_token):
base_url = "https://onelake.dfs.fabric.microsoft.com/9c3ffd43-b537-4ca2-b9ba-0c59d0094033/Files/sample?resource=file"
token_headers = {
"Authorization": "Bearer " + access_token
}
try:
response = requests.put(base_url, headers=token_headers)
if response.status_code == 200:
print("Connection with OneLake is successful.")
else:
print("Failed to connect with OneLake. Status code:", response.status_code)
except requests.exceptions.RequestException as e:
print("An error occurred while checking the connection:", str(e))
# Assuming 'access_token' is already defined and contains a valid access token
check_connection_with_onelake(access_token)
- I also added the app's service principal to users in the Fabric workspace as an admin
Where am I missing access and how do I grant the correct access?
references: https://learn.microsoft.com/en-us/fabric/onelake/onelake-access-api https://amitchandak.medium.com/on-premise-python-code-to-local-sql-server-data-to-microsoft-fabric-lakehouse-using-token-d15b8795e349
Solution
I registered one Azure AD application and granted API permissions as below:
In my Fabric Workspace, I added above service principal as Admin same as you:
When I ran your python code in my environment, I too got status code 400. To know the exact error, I printed content of response like this:
import requests
from azure.identity import ClientSecretCredential, AuthenticationRequiredError
def get_access_token(app_id, client_secret, directory_id):
try:
# Create the ClientSecretCredential using the provided credentials
credential = ClientSecretCredential(
client_id=app_id,
client_secret=client_secret,
tenant_id=directory_id
#scope="https://storage.azure.com/.default"
)
# Use the credential to get the access token
token = credential.get_token("https://storage.azure.com/.default").token
return token, credential
except AuthenticationRequiredError as e:
print("Authentication failed. Please check your credentials.")
raise e
except Exception as e:
print("An error occurred while getting the access token:")
print(str(e))
raise e
access_token, credential = get_access_token("appId", "secret", "tenantId")
def check_connection_with_onelake(access_token):
base_url = "https://onelake.dfs.fabric.microsoft.com/0f0050d1-5601-47d0-9eb6-xxxxxxx/Files/sample?resource=file"
token_headers = {
"Authorization": "Bearer " + access_token
}
try:
response = requests.put(base_url, headers=token_headers)
if response.status_code == 200:
print("Connection with OneLake is successful.")
else:
print("Failed to connect with OneLake. Status code:", response.status_code)
print(response.content)
except requests.exceptions.RequestException as e:
print("An error occurred while checking the connection:", str(e))
# Assuming 'access_token' is already defined and contains a valid access token
check_connection_with_onelake(access_token)
Response:
The error occurred as you missed adding
LakehouseIdafter workspace ID in your base URL and you need to use GET request to check connection by removingresource=file.
You can find LakehouseId in address bar after /lakehouses/ when you open it in browser like this:
When I ran below modified code by changing the base_url and request type, I got response successfully like below:
import requests
from azure.identity import ClientSecretCredential, AuthenticationRequiredError
def get_access_token(app_id, client_secret, directory_id):
try:
# Create the ClientSecretCredential using the provided credentials
credential = ClientSecretCredential(
client_id=app_id,
client_secret=client_secret,
tenant_id=directory_id
#scope="https://storage.azure.com/.default"
)
# Use the credential to get the access token
token = credential.get_token("https://storage.azure.com/.default").token
return token, credential
except AuthenticationRequiredError as e:
print("Authentication failed. Please check your credentials.")
raise e
except Exception as e:
print("An error occurred while getting the access token:")
print(str(e))
raise e
access_token, credential = get_access_token("appId", "secret", "tenantId")
def check_connection_with_onelake(access_token):
base_url = "https://onelake.dfs.fabric.microsoft.com/0f0050d1-5601-47d0-9eb6-xxxxxxx/37a6ca4e-27b6-437b-800c-xxxxxxxxxx/Files/sample"
token_headers = {
"Authorization": "Bearer " + access_token
}
try:
response = requests.get(base_url, headers=token_headers)
if response.status_code == 200:
print("Connection with OneLake is successful.")
else:
print("Failed to connect with OneLake. Status code:", response.status_code)
print(response.content)
except requests.exceptions.RequestException as e:
print("An error occurred while checking the connection:", str(e))
# Assuming 'access_token' is already defined and contains a valid access token
check_connection_with_onelake(access_token)
Response:
- csv.reader() is separating values by individual character
- Python "forgets" variables? (between requests in web server context)
- "MultipleObjectsReturned or ObjectDoesNotExist error when accessing 'google' provider in Django-allauth"
- Mod operator in Free Pascal gives a different result than expected
- how to send a picture from server to client in python
- Condensing a Python method that does a different comparison depending on the operator passed
- How to merge and sum of two dictionaries in Python?
- How to create image of confusion matrix in Python
- How to add a date column with a condition?
- Access iPhone photo library using Kivy
- VS Code not picking up args list from launch.json
- Chrome 122 - How to allow insecure content? (Insecure download blocked)
- What is causing some points to fail sampling an enclosing mesh? / How do I prevent points from failing to sample an enclosing mesh?
- Modify JSON data in Python 3
- How to get the file modification date in UTC from Python
- What are the python builtin __exit__ argument types?
- How to plot a Probability Density Function in Python?
- Counter-intuitive results when mixing dataclass and enum
- Integer factorization in python
- IOError: Can't read data (Can't open directory) - Missing gzip compression filter
- Random word generator- Python
- Pass parameters to custom transformer in sklearn
- How to convert string to bytes in Python 3
- MongoEngine library doesn't allow to use its BaseFields for persisting data
- Identify broken XML files inside a zipped archive
- How to configure FastAPI logging so that it works both with Uvicorn locally and in production?
- Keep first instance of duplicate column name, unless empty then keep second instance of column
- rounding up time to last 30 mins interval
- How to install Python script on Windows?
- Apply a function to 2 columns in Polars