I want to be able to authenticate against an external account without having to manually enter the accounts credentials. Appian has an example to authenticate using a link. However, this forces the user to enter the credentials on an external system in order to have access to such connection. What I want to do is to have that authentication be done in the background without the need for the link. In most cases the users won't have access to the credentials, so I would like to store that in a document or constants so when they navigate to the interface it is done for them.
For clarity, the specific component I'm working with is the Power BI plugin which requires the connection to be authenticated every time is used for each user. However, I don't think the above request is specific to my case and there could be a generic way of doing this.
Has anyone run into this scenario and found a solution?
There are two ways to use OAuth 2.0. The one you described is the OAuth 2.0: Authorization Code Grant as described here. Each user need to authenticate using the authentication link to grant the access to the external system. You are actually looking for the Client Credentials Grant as described here. Using this the client (Appian) will authenticate in the background with the external system.
However, I don't know what authentication method Power BI offers.For OAuth client credentials you need a client id, client secret, and token request endpoint. Maybe Power BIs API also offers authentication using an API key, which would also fulfill your requirement. In any case, you should create a connected system to store the credentials instead of constants or documents.
@lukasm0001 thanks for the info. I do have a connected system using OAuth and an Integration for connecting to Power BI. But this requires authentication every time I try to run it. Do you have any examples of using that second method to authenticate? The link explains what it is but not sure I'm understanding on how to use it.
Create a connected system and select HTTP and then choose Client Credential Grant in the authentication dropdown. Then fill in the blanks. Once you authenticated using this, Appian will take care in the background of the authentication and possible refresh tokens etc. So, you only need to authenticate once.
To retrieve the cliend id, secret and token endpoint, please have a look in the Power BI documentation. You have to register Appian as an app: https://docs.microsoft.com/en-us/power-bi/developer/register-app
Appian already has a plugin for Power BI which is the one I'm using to authenticate. I have everything setup and the only issue is that every user needs to authenticate the connected system every time. It works for me since I have already authenticated the connected system, but other people cannot.
Discussion posts and replies are publicly visible
© 2020 Appian. All rights reserved.