docs: Microsoft Power BI OAuth provider#1055
Merged
Merged
Conversation
Document the dedicated Microsoft Power BI auth provider (well-known id `microsoft-powerbi`): a Power BI Service OAuth provider that reuses Microsoft Entra endpoints on a separate connection so Power BI resource scopes never mix with Microsoft Graph scopes (the mix trips Entra AADSTS70011). Mirrors the Microsoft provider page structure and covers: Entra app registration, the Arcade-generated redirect URI, granting Power BI Service delegated permissions only (Dataset.Read.All, Dataset.ReadWrite.All, Report.Read.All, Workspace.Read.All plus openid/profile/offline_access) and NOT any Graph or Fabric permission, configuring the provider in the dashboard with an empty Scopes field and client id + secret only, and using it from app code and custom tools. Adds the provider to the auth-providers catalog page. The sidebar title resolves from the page frontmatter title and sorts alphabetically next to Microsoft (matching the cisco-duo precedent), so no _meta.tsx change is needed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Keep the setup path simple: the intro, Entra-app steps, and dashboard steps now state what to do in plain language, while token audiences, AADSTS70011, resource URIs, and connection-reset troubleshooting move to a clearly flagged 'Advanced' section at the end of the page. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
byrro
approved these changes
Jul 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the public docs page for the new Microsoft Power BI OAuth provider (well-known provider id
microsoft-powerbi), following the existing Microsoft provider doc as the template.The Power BI provider is a dedicated Microsoft provider: it reuses Microsoft Entra endpoints but authorizes on a separate connection so Power BI Service resource scopes never mix with Microsoft Graph scopes. Mixing them in one authorize request trips Entra AADSTS70011.
What's in the page
https://analysis.windows.net/powerbi/api) OAuth provider and the AADSTS70011 isolation rationale.Dataset.Read.All,Dataset.ReadWrite.All,Report.Read.All,Workspace.Read.All, plusopenid/profile/offline_access) and NOT any Microsoft Graph or Fabric permission, with a prominent warning.provider="microsoft-powerbi") in Python/JS, and a custom-tool example that subclassesMicrosoftoverridingprovider_id.Specifics were sourced from the toolkit README's "Auth setup" section and adapted to the docs style.
Files
app/en/references/auth-providers/microsoft-powerbi/page.mdx(new)app/en/references/auth-providers/page.mdx— added a Microsoft Power BI card to the provider catalog, after the Microsoft cardThe sidebar entry resolves automatically: the frontmatter
titlesets the label and the folder sorts alphabetically right aftermicrosoft(the same pattern thecisco-duoprovider uses), so no_meta.tsxchange was needed.Verification
pnpm check-meta— ✅ all_meta.tsxkeys valid (48 files).@mdx-js/mdxwithremark-frontmatter+remark-gfm— ✅ both parse./references/auth-providers/microsoft,#using-multiple-providers-of-the-same-type,#build-a-custom-user-verifier,/get-started/about-arcade,/guides/create-tools/tool-basics/build-mcp-server).Ref: TOO-1390
🤖 Generated with Claude Code
Note
Low Risk
Documentation-only changes with no runtime, auth, or application code impact.
Overview
Adds public documentation for the dedicated
microsoft-powerbiOAuth provider so customers can configure Entra apps, Arcade dashboard providers, and app/tool auth without mixing Power BI Service scopes with Microsoft Graph.The new reference page covers Entra app registration (Power BI Service delegated permissions only, empty provider Scopes field), dashboard setup, Python/JS
client.auth.startexamples, and a custom-tool pattern that subclassesMicrosoftwithprovider_id = "microsoft-powerbi". It also documents AADSTS70011 isolation and troubleshooting.The auth provider catalog gains a Microsoft Power BI card after Microsoft, and
public/llms.txtis regenerated to index the new page.Reviewed by Cursor Bugbot for commit 80f55b3. Bugbot is set up for automated code reviews on this repo. Configure here.