What causes Fabric Copy Activity Error 20152?

The authorization server is configured to issue a non-standard or proprietary token type that Fabric does not recognize. A custom or legacy OAuth2 authorization server is being used instead of a standards-compliant one. Misconfigured token response format on the authorization server returning an unexpected 'token_type' field. Using a third-party identity provider that issues token types outside of the supported list (e.g., 'Bearer')

How do I fix Fabric Copy Activity Error 20152?

Step 1: Review the exact token type value returned in the '%tokenType;' placeholder from the pipeline error log to understand what your authorization server is issuing.. Step 2: Check Fabric Data Factory documentation or the error message for the list of supported token types ('%tokenTypes;') to determine what is acceptable.. Step 3: Reconfigure your authorization server to return a supported token type, typically 'Bearer' for standard OAuth2 client credential flows.. Step 4: If you do not control the authorization server, evaluate switching to a standards-compliant OAuth2 provider such as Microsoft Entra ID (Azure AD).. Step 5: After updating the authorization server configuration, re-run a test connection on the linked service to confirm the token type is now accepted.

High severityauthenticationMicrosoft Fabric →

Power BI Refresh Error:
Fabric Copy Activity Error 20152

What does this error mean?

The authorization server returned an access token with a token type that is not supported by Fabric's Copy Activity OAuth2 implementation. Data movement cannot proceed until a supported token type is used.

Common causes

1The authorization server is configured to issue a non-standard or proprietary token type that Fabric does not recognize
2A custom or legacy OAuth2 authorization server is being used instead of a standards-compliant one
3Misconfigured token response format on the authorization server returning an unexpected 'token_type' field
4Using a third-party identity provider that issues token types outside of the supported list (e.g., 'Bearer')

How to fix it

1Step 1: Review the exact token type value returned in the '%tokenType;' placeholder from the pipeline error log to understand what your authorization server is issuing.
2Step 2: Check Fabric Data Factory documentation or the error message for the list of supported token types ('%tokenTypes;') to determine what is acceptable.
3Step 3: Reconfigure your authorization server to return a supported token type, typically 'Bearer' for standard OAuth2 client credential flows.
4Step 4: If you do not control the authorization server, evaluate switching to a standards-compliant OAuth2 provider such as Microsoft Entra ID (Azure AD).
5Step 5: After updating the authorization server configuration, re-run a test connection on the linked service to confirm the token type is now accepted.

Frequently asked questions

What token types does Fabric's Copy Activity support for OAuth2 client credential flows?

Fabric's Copy Activity supports standard OAuth2 token types as defined by RFC 6749, most commonly 'Bearer'. The exact list of supported types is surfaced in the '%tokenTypes;' field within the error message at runtime. Consult the Fabric connector troubleshooting documentation for the current supported list.

Can I work around this without changing my authorization server?

Not directly — Fabric enforces supported token types at the connector level. If you cannot modify your authorization server, consider using a token translation layer or proxy that normalizes the token type, or migrate to a compliant provider like Microsoft Entra ID.