azure-active-directorymicrosoft-graph-apiazure-data-factorybearer-tokenpowerbi-api

Error getting Microsoft Entra Id (AAD) Token using ADF - 404 : NotFound


I'm trying to get an AAD token so that I can use in another Web activity to refresh PBI datasets.

However, I'm getting this error when trying to get an AAD Token:.

Invoking endpoint failed with HttpStatusCode - '404 : NotFound', message - 'The requested endpoint(url) does not exist on the server. Please verify the request server and retry.'

This is what the Web Activity looks like.

enter image description here

The URL is:

https://login.microsoftonline.com/@{pipeline().globalParameters.TenantId}/oauth2/v2.0/token'

The Body is:

@concat(
    'grant_type=client_credentials'
    ,'&resource=https://graph.microsoft.com/.default'
    ,'&client_id='
    ,activity('Get SP ClientId').output.value
    ,'&client_secret='
    ,encodeUriComponent(activity('Get SP Secret').output.value)
)

I've tried https://analysis.windows.net/powerbi/api for the Resource and I still get the same error.

The input for the Web Activity looks like this:

{
    "method": "POST",
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded"
    },
    "url": "https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token'",
    "body": "grant_type=client_credentials&resource=https://graph.microsoft.com/.default&client_id=<client id>&client_secret=<client secret>"
}

enter image description here


Solution

  • The error occurred as your URL includes one extra quote and you are using resource parameter with v2.0 token endpoint.

    Initially, I too got same error when I tried to get access token by passing same values as you:

    enter image description here

    To resolve the error, you need to use below modified parameters:

    URL: https://login.microsoftonline.com/tenantId/oauth2/v2.0/token

    Method: POST

    Body:

    @concat(
        'grant_type=client_credentials'
        ,'&scope=https://graph.microsoft.com/.default'
        ,'&client_id='
        ,activity('Get SP ClientId').output.value
        ,'&client_secret='
        ,encodeUriComponent(activity('Get SP Secret').output.value)
    )
    

    Input:

    enter image description here

    Output:

    enter image description here

    Note that, this token will only work to call Microsoft Graph API as the scope is https://graph.microsoft.com/.default.

    To get access token for Power BI, you need to change your scope value by modifying Body like this:

    @concat(
        'grant_type=client_credentials'
        ,'&scope=https://analysis.windows.net/powerbi/api/.default'
        ,'&client_id='
        ,activity('Get SP ClientId').output.value
        ,'&client_secret='
        ,encodeUriComponent(activity('Get SP Secret').output.value)
    )
    

    Input:

    enter image description here

    Output:

    enter image description here

    You can now use this access token to make requests to Power BI API.