High severity | authentication
Power BI Error: AADSTS165900
What does this error mean?
Entra ID (Azure AD) rejected the sign-in or token request because the API call itself was malformed or unsupported.
Common causes
1. Malformed OAuth 2.0 / OpenID Connect request — missing or duplicated parameters such as client_id, redirect_uri, scope or response_type
2. Unsupported or mismatched grant_type for the registered application (e.g. client_credentials on a public client, or ROPC on a confidential app)
3. Conflicting scopes or resource parameters — mixing v1.0 'resource' with v2.0 'scope' in the same request
4. Custom Power BI / ADF / Fabric connector or third-party tool sending a non-standard authorization request to login.microsoftonline.com
5. Hand-crafted token request in a Power BI gateway, REST datasource or Databricks linked service with an incorrectly URL-encoded body
How to fix it
1. Capture the exact failing request: enable Fiddler / browser network trace and copy the full URL or POST body sent to login.microsoftonline.com — the malformed parameter is almost always visible there
2. Compare the request against the Microsoft identity platform protocol reference for the flow you are using (auth code, client credentials, on-behalf-of) and remove any duplicate, empty or unsupported parameters
3. In the Entra ID (Azure AD) app registration, verify that the configured redirect URIs, allowed grant types and exposed API scopes match what the calling application actually sends
4. If the error originates from a Power BI custom connector, ADF Web activity or Databricks secret scope, regenerate the connection / linked service so the SDK builds the request instead of a hand-written string
5. If the request looks correct, raise a support ticket with Microsoft including the correlation ID and timestamp from the AADSTS165900 response — this code often requires identity platform side investigation
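A lint for steps 1 and 2 above, as an added example that is not part of the original page: it parses a captured form-encoded token request body and reports duplicate, empty, conflicting, missing or badly encoded parameters by name only, so secrets in the capture are never echoed. The `REQUIRED` table is an assumed subset of the v2.0 token endpoint requirements, and the sample bodies, client ID and secret are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Assumed subset of the parameters the v2.0 token endpoint requires per
# grant_type; extend it from the protocol reference for the flow you use.
REQUIRED = {
    "authorization_code": {"client_id", "code", "redirect_uri"},
    "client_credentials": {"client_id", "scope"},
}

# Constructed sample bodies (placeholder client_id and secret, not real values).
PBI = "https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi"
CID = "client_id=00000000-0000-0000-0000-000000000000"
BAD = (f"grant_type=client_credentials&{CID}&{CID}&client_secret=PLACEHOLDER"
       f"&resource={PBI}&scope={PBI}%2F.default&redirect_uri=")
GOOD = (f"grant_type=client_credentials&{CID}&client_secret=PLACEHOLDER"
        f"&scope={PBI}%2F.default")


def lint_token_request(body: str) -> list[str]:
    """Lint a captured form-encoded token request body. Findings name
    parameters only, never values: captures hold secrets and codes."""
    findings = []
    # A '%' not followed by two hex digits, or a raw space, means the body
    # was not URL-encoded correctly before it was sent.
    if re.search(r"%(?![0-9A-Fa-f]{2})", body) or " " in body:
        findings.append("encoding: stray '%' or raw space in body")
    pairs = parse_qsl(body, keep_blank_values=True)
    counts = Counter(name for name, _ in pairs)
    findings += [f"duplicate: {n} sent {c} times"
                 for n, c in sorted(counts.items()) if c > 1]
    findings += [f"empty: {n}" for n in sorted({n for n, v in pairs if v == ""})]
    if "resource" in counts and "scope" in counts:
        findings.append("conflict: v1.0 'resource' mixed with v2.0 'scope'")
    grant = dict(pairs).get("grant_type")
    if grant is None:
        findings.append("missing: grant_type")
    elif grant in REQUIRED:
        findings += [f"missing: {n} (required for {grant})"
                     for n in sorted(REQUIRED[grant] - set(counts))]
    else:
        findings.append("unchecked: grant_type not in REQUIRED table")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_token_request(BAD)) or "no findings")
```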