Power BI Report embed using ADAL.js

Question

I'm trying to embed Power BI Reports(User Owns Data) into ServiceNow Portal which only supports JavaScript. Hence, I've created the Azure AD App using Service Principal and written below code using node.js to get the access token.

<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.14/js/adal.min.js"></script>

<body>
<a href="#" onclick="login();">login</a>
<a href="#" onclick="getToken()">access token</a>
</body>
<script type="text/javascript">
    var configOptions = {
        tenant: <tenantid>, // Optional by default, it sends common
        clientId: <clientid>,
        redirectUri: "https://login.live.com/oauth20_desktop.srf",
        postLogoutRedirectUri: window.location.origin,
    }
    window.authContext = new AuthenticationContext(configOptions);

    var isCallback = authContext.isCallback(window.location.hash);
    authContext.handleWindowCallback();

    function getToken(){
        authContext.acquireToken("https://graph.microsoft.com",function(error, token){
            console.log(error);
            console.log(token);
        })
    }
    function login(){
        authContext.login();
    }
</script>

Question - When I execute the above code, I get id_token in browser URL. How can I access it for further embed process? What should be the redirect_uri of the Azure AD app so that we get the token in code rather than the browser URL?

Thank you!

In this scenario the full blown embedding is overkill. You can easily use [Secure Embed](https://learn.microsoft.com/en-us/power-bi/service-embed-secure). — Andrey Nikolov, Mar 16 '20 at 15:05
Hi Andrey - It is a single sign-on scenario because users are already signed-in to ServiceNow Portal using the same Active Directory account. So they shouldn't be signing-in again to view the embedded reports. Thank you! — Mittal Patel, Mar 16 '20 at 16:41
Reports I want to embed are for Organization users not for customers. Hence it is User Owns data. Isn't it right? — Mittal Patel, Mar 17 '20 at 11:57
`User owns data` means that each user will use his own Azure AD account to access Power BI, while `App owns data` means that the app will use a single master account for that. Does ServiceNow authenticate against Azure AD? If not, it wont work. After you have an access token (regardless of the mode), you should use Power BI JavaScript client to perform the actual embedding. The token will be used there. See [Embedding Basics](https://github.com/Microsoft/PowerBI-JavaScript/wiki/Embedding-Basics). — Andrey Nikolov, Mar 17 '20 at 12:03
Yes, ServiceNow authenticates against same Azure AD. I get Access Token from ADAL.js, but it is in browser URL and page is redirected to redirect_uri. Now, I'm not sure how can get that token from URL and use it further to embed Power BI tiles on ServiceNow page? Do I need to put ServiceNow URL as redirect_uri on my Azure AD App? Also, there is a Row-level security applied on Reports, which should work with ServicePrincipal and hence using Master Account is not an option for me. Thank you! — Mittal Patel, Mar 17 '20 at 15:24
RLS works with app owns data - search for EffectiveIdentity. — Andrey Nikolov, Mar 17 '20 at 17:36
Hello Andrey - I read EffectiveIdentity and trying to implement that but in Postman I get 403 forbidden error message. I created Azure AD Native APP for Apps Own Data Scenario, but in this example, https://learn.microsoft.com/en-us/rest/api/power-bi/embedtoken/reports_generatetokeningroup#generate-report-embedtoken-with-effectiveidentity , where do I use the ClientID of my Azure AD App? I'm missing some steps. Could you please guide me? — Mittal Patel, Apr 09 '20 at 12:23
Thank you Andrey - Can you please point me to correct link to follow for getting the Access Token for Apps Own Data and using Native App? - Thank you again.. — Mittal Patel, Apr 09 '20 at 13:07
e.g. this one https://stackoverflow.com/questions/56409362/is-there-any-way-to-embed-power-bi-reports-and-dashboards-in-vb-net-or-c-sharp-d/56418991#56418991 — Andrey Nikolov, Apr 09 '20 at 13:52
@AndreyNikolov - Thank you for all your help! Embedding works as expected now, but not RLS. Here is the complete scenario. 1. Data Source - SQL Server On-premise 2. Dynamic RLS is configued in Power BI Desktop 3. Published Reports to Premium Capacity, upgraded Workspace 4. Embedded Solution - Apps Own Data using JavaScript (used GenerateToken method) 5. Added EffectiveIdentity in the JavaScript GenerateToken Call. What am I missing here? — Mittal Patel, Apr 20 '20 at 12:41

Power BI Report embed using ADAL.js

0 Answers0