Get an access token with client credentials for Azure AD - Intergraph Smart Completions - Intergraph Smart Completions Update 4 - Customization & Programming

Intergraph Smart Completions Smart API Programmer's Getting Started Guide

Language
English
Product
Intergraph Smart Completions
Search by Category
Customization & Programming
Smart Completions Version
6.0.4

The following example shows how to get an access token for a Power BI client application when using the Client Credentials grant type with the Azure AD identity provider.

When would I use the Client Credentials grant type?

The Client Credentials grant type is typically used for building a backend service or automated flow. For example, the Client Credentials grant type allows a dashboard to be automatically updated without relying on user authentication, which breaks if the client credentials are changed.

Required information

You need the following information to get an access token with client credentials:

  • The information supplied by the identity provider upon registering Power BI as a client application: token URL, client ID, client secret, scope, and state (optional).

    How do I get this information?

    • For the Smart Cloud environment, this information is supplied by the Smart Cloud support team when they respond to the request to register Postman as a client.

    • For other environments, you can get the Token, Issuer, and Authorization URLs from the configuration endpoint for your identity provider:

      <idp_hostname>/<idp_baseurl>/.well-known/openid-configuration

  • The Smart Completions Smart API Base URL.

Create a query to get an access token

Be extremely cautious about sharing PBIX templates! The credentials stored in the token function will allow anyone to access data, including data stored in other applications and shared with Smart Completions.

  1. In the Power BI desktop tool, create a blank query.

    13 - Authorization Code with PKCE 1

  2. Right-click the query, and select Advance Editor.

    14 - Authorization Code with PKCE 2

  3. Copy and paste the following code into the blank query:

    ()=>let

    token_url="https://login.microsoftonline.com/1b16ab3e-b8f6-4fe3-9f3e-2db7fe549f6a/oauth2/v2.0/token",

    clientid="d8174708-6740-4993-91fd-515f520b73b3",

    clientsecret="~Xc8Q~RconzYdVWSobXkgJ998NXHsDyahZ_9vamH",

    scopes="api://bd73a94c-05ea-4d0f-a5b5-495ab2f7b0d1/.default",

    data=Json.Document(

    Web.Contents(

    token_url,[

    Headers=[#"Accept"="application/json",#"Content-Type"="application/x-www-form-urlencoded"],

    Content=Text.ToBinary(

    Uri.BuildQueryString(

    [

    grant_type="client_credentials",

    client_id=clientid,

    client_secret=clientsecret,

    scope=scopes

    ]

    )

    )

    ]

    )

    ),

    accessToken=data[access_token]

    in

    accessToken

  4. Replace the values for client_id, client_secret, token_endpoint, and scope with your information.

  5. Change the query name to GetToken, and select Done.

    16 - Authorization Code with PKCE 4

Use the query to get the access token

  1. Create a second blank query for getting the token using the above GetToken function.

  2. Copy and paste the following code into the blank query:

    let

    Source=OData.Feed("https://<hostname>/sc/datalake/v1",

    [Authorization="Bearer "&GetToken()],[MoreColumns=true])

    in

    Source

  3. Replace the <hostname> placeholder with your hostname.

  4. Select Done.

    The query automatically generates a token and loads the data.