Error message when I try to get a refreshable access token from Power BI REST API

Ad-K 1 Reputation point
2021-03-08T10:23:04.833+00:00

Hello everyone,

When I send a POST request to get a refreshable token for Power BI REST API I get the following error:

{
"error": "invalid_grant",
"error_description": "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: 99c45d79-6d9d-4e29-8aa8-912e47e65e00\r\nCorrelation ID: bb95c25d-0f3c-4212-9502-95f16703f035\r\nTimestamp: 2021-03-08 10:09:56Z",
"error_codes": [
50126
],
"timestamp": "2021-03-08 10:09:56Z",
"trace_id": "99c45d79-6d9d-4e29-8aa8-912e47e65e00",
"correlation_id": "bb95c25d-0f3c-4212-9502-95f16703f035",
"error_uri": "https://login.microsoftonline.com/error?code=50126"
}

This is what I did:

  1. I am only a user in the Azure Portal
  2. The Global Admin registered an app from here: dev.powerbi.com/Apps
  3. I gave it all the read authorizations
  4. He made me Owner of that app
  5. He created a client secret for that app
  6. We added Tenant.Read.All permission and granted it to my organization
  7. Now I am using POSTMAN to generate a refreshable token but I get the error you see above (I checked my email and password several times, see postman's config below)

75424-capture.png

Thanks in advance.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

  1. AmanpreetSingh-MSFT 56,951 Reputation points Moderator
    2021-05-20T12:30:59.14+00:00

    Hi @Ad-K · The account you are using is a federated account, which requires redirection to ADFS for authentication. The ROPC (password) flow doesn't support this redirection and tries to authenticate the user directly in Azure AD. Hence, the error AADSTS50126: Error validating credentials due to invalid username or password. is thrown.

    To resolve the issue, you can choose to go with one of the below options:

    1. Create a cloud-only user account, reset the temporary password and use that account.
    2. If creating a cloud-only user is not an option for you, follow the instructions I have provided in This Blog Post. If you choose to go with this option and don't want to sync password hashes for all accounts, use Selective password hash synchronization.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

  2. Siva-kumar-selvaraj 15,731 Reputation points Volunteer Moderator
    2021-03-09T17:29:24.417+00:00

    Hello @Ad-K ,

    Thanks for reaching out.

    I tried the above steps and was able to generate a token successfully. Here is the outcome from Postman.
    75942-image.png

    Looking at the above error message, AADSTS50126, which indicates an invalid username or password, I also see that you verified your email and password several times. Just wondering, did you try to access the Azure portal with the same credentials successfully?

    These are the possible causes I could think of:

    • Can you verify that Content-Type is set to application/x-www-form-urlencoded in the Postman header? When the UPN or password contains special characters, using urlencoded makes sure the values are translated into the right format.
      75900-image.png
    • When you say email address, is that the same as the UPN? The username key's value must be the UPN (User Principal Name), not the email address. Ignore this step if the UPN and email address are the same.

    Hope this helps

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.


  3. Siva-kumar-selvaraj 15,731 Reputation points Volunteer Moderator
    2021-03-11T08:57:51.283+00:00

    Thanks for the confirmation.

    Could you please try the PowerShell way and see if that helps? Just replace the values highlighted in yellow, as shown below, with your own:

    PowerShell outcome from my lab:
    76683-image.png

    PowerShell cmdlet

    Replace with your own values

    $grant_type = "password"  
    $client_id = "faaff207-1111-44be-1111-b77b488ce2da"  
    $resource = "https://analysis.windows.net/powerbi/api"  
    $username = "******@abc.onmicrosoft.com"  
    $password = "password"  
    $scope = "openid"  
    $requestUri = "https://login.microsoftonline.com/abc.onmicrosoft.com/oauth2/token"  
    

    Then execute these cmdlets:

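    # Percent-encode the values so special characters in the UPN or password are not read as form delimiters
    $requestBody = "grant_type=$grant_type&client_id=$client_id&resource=$([uri]::EscapeDataString($resource))&username=$([uri]::EscapeDataString($username))&password=$([uri]::EscapeDataString($password))&scope=$scope"
    Invoke-RestMethod -Method Post -Uri $requestUri -ContentType "application/x-www-form-urlencoded" -Body $requestBody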
    

    If PowerShell doesn't work, can you try with a different username and password?

    If none of these works, feel free to send me an email with subject line “Attn:SivaKumarS” to AzCommunity@microsoft.com, include your subscription ID, and I will gladly open a free support case for you.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments
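
Answers 2 and 3 both depend on how the credentials are placed in the form body. The PowerShell below is an added example, not code from the thread: it builds the body by raw string interpolation and by percent-encoding, then decodes each one the way a form parser does, to show which password value actually reaches the token endpoint. The function names and the sample account and password are constructed for illustration.

```powershell
# Added example. Function names and sample values are hypothetical, not from the thread.

function ConvertTo-FormBody {
    # Build an application/x-www-form-urlencoded body, percent-encoding each name and value.
    param([System.Collections.IDictionary]$Fields)
    ($Fields.GetEnumerator() | ForEach-Object {
        '{0}={1}' -f [uri]::EscapeDataString([string]$_.Key), [uri]::EscapeDataString([string]$_.Value)
    }) -join '&'
}

function ConvertFrom-FormBody {
    # Decode a form body as a receiving endpoint would: split on '&', then on the
    # first '=', treat '+' as a space, then percent-decode.
    param([string]$Body)
    $result = [ordered]@{}
    foreach ($pair in $Body -split '&') {
        $name, $value = $pair -split '=', 2
        if ($null -eq $value) { $value = '' }
        $key = [uri]::UnescapeDataString($name.Replace('+', ' '))
        $result[$key] = [uri]::UnescapeDataString($value.Replace('+', ' '))
    }
    $result
}

# Constructed credentials; the password contains '&', '+' and '=', which are form delimiters.
$fields = [ordered]@{
    grant_type = 'password'
    username   = 'user@contoso.example'
    password   = 'Pa&ss+w=rd1'
}

# Raw interpolation, equivalent to "grant_type=$grant_type&...&password=$password".
$rawBody     = ($fields.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join '&'
$encodedBody = ConvertTo-FormBody $fields

$seenRaw     = ConvertFrom-FormBody $rawBody
$seenEncoded = ConvertFrom-FormBody $encodedBody

"Raw body     : $rawBody"
"Encoded body : $encodedBody"
"Password received from raw body     : $($seenRaw['password'])"
"Password received from encoded body : $($seenEncoded['password'])"
"Extra fields created by raw body    : $(($seenRaw.Keys | Where-Object { $_ -notin $fields.Keys }) -join ', ')"
"Encoded password matches original   : $($seenEncoded['password'] -ceq $fields['password'])"
```

A truncated password produced by the raw body is rejected as a wrong credential, which is indistinguishable in the response from a mistyped one.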
