## Authenticating as a User with a Login Code

At the time of writing this module (April 2024), the Fabric APIs do not support Service Principals.  This code illustrates how to authenticate a user using a Device Code authentication flow (https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-device-code).  This is necessary because within the context of a Jupyter notebook we can't do an interactive auth process, and username + password authentiation won't work if MFA is enabled on the account.


In [None]:
pip install msal requests

In [None]:
#For orgaization purposes I put notbooks in subfolders not the root of the proejct.aad_token
#This code adds the root directory of the project to the sys path so we can load class modules from the services folder
#I think this only needs to be run once, but including it for completeness.
import os, sys
projectRoot = os.path.abspath('.')
directory = os.path.dirname(projectRoot)
if not directory in sys.path: sys.path.append(directory)

In [None]:
import msal

authority_host_uri = 'https://login.microsoftonline.com'
tenant = '9f01a99c-6282-465a-94e6-fa7e97720b22'
authority_uri = authority_host_uri + '/' + tenant
#resource_uri = ['https://api.fabric.microsoft.com/Workspace.ReadWrite.All','https://api.fabric.microsoft.com/Item.ReadWrite.All']
client_id = '1e06b563-d085-4954-a3ec-d1cfa86f714c'
resource_uri = 'https://graph.microsoft.com/User.Read'


context = msal.PublicClientApplication(client_id, authority=authority_uri)

In [None]:
accounts = context.get_accounts()

In [None]:
# This specifices which API scopes we need access to.   Note that these scopes must be added to the App Registration in Entra.
scopes = ['https://analysis.windows.net/powerbi/api/Item.ReadWrite.All','https://analysis.windows.net/powerbi/api/Workspace.ReadWrite.All']
flow = context.initiate_device_flow(scopes=scopes)

#Now that the flow has been created show the device code so we can login.
print(flow["message"])

Now you must execute the login by navigating to the link, providing the code above, and completing the login process.

In [None]:
#Complete the authentication process by retreving the authentication detials associated with the flow.
code = context.acquire_token_by_device_flow(flow=flow)

In [None]:
#Print auth code to illustrate we were successful.  Note: this will show a secure token.
print(code)