What causes AADSTS901002?

Application code or library mixes v1.0-style 'resource=https://analysis.windows.net/powerbi/api' with the v2.0 token endpoint (/oauth2/v2.0/token). Outdated MSAL/ADAL configuration or a copy-pasted ADAL sample still passing 'resource' while the app is registered as v2.0. Custom Power BI embedding or service principal token requests built on top of raw HTTP that target v2.0 but send 'resource'. Azure Data Factory / Logic Apps / custom connector using a manually crafted OAuth request with 'resource' against the v2.0 endpoint. App registration migrated from Azure AD v1.0 to Microsoft Entra ID v2.0 without updating downstream token requests

How do I fix AADSTS901002?

Inspect the failing token request and confirm whether it is hitting /oauth2/token (v1.0) or /oauth2/v2.0/token (v2.0) — AADSTS901002 only fires on v2.0. Replace the 'resource' parameter with a 'scope' parameter — for Power BI use 'https://analysis.windows.net/powerbi/api/.default', for Fabric use 'https://api.fabric.microsoft.com/.default', for Graph use 'https://graph.microsoft.com/.default'. If using MSAL, pass scopes via AcquireTokenForClient(scopes) / acquireTokenSilent({scopes}) and remove any 'resource' overrides; if you must keep v1.0 semantics, switch the authority back to https://login.microsoftonline.com/{tenant}/oauth2/token. For ADAL-based code, migrate to MSAL — ADAL is deprecated since June 2023 and will keep producing this error against v2.0 endpoints. Re-test the refresh in Power BI Service / ADF linked service after the change and verify a successful access_token response with the correct 'aud' claim

Low severityauthentication

Power BI Error:
AADSTS901002

What does this error mean?

The OAuth 2.0 request includes a 'resource' parameter, which is not supported by the v2.0 endpoint of Microsoft Entra ID (Azure AD).

Common causes

1Application code or library mixes v1.0-style 'resource=https://analysis.windows.net/powerbi/api' with the v2.0 token endpoint (/oauth2/v2.0/token)
2Outdated MSAL/ADAL configuration or a copy-pasted ADAL sample still passing 'resource' while the app is registered as v2.0
3Custom Power BI embedding or service principal token requests built on top of raw HTTP that target v2.0 but send 'resource'
4Azure Data Factory / Logic Apps / custom connector using a manually crafted OAuth request with 'resource' against the v2.0 endpoint
5App registration migrated from Azure AD v1.0 to Microsoft Entra ID v2.0 without updating downstream token requests

How to fix it

1Inspect the failing token request and confirm whether it is hitting /oauth2/token (v1.0) or /oauth2/v2.0/token (v2.0) — AADSTS901002 only fires on v2.0
2Replace the 'resource' parameter with a 'scope' parameter — for Power BI use 'https://analysis.windows.net/powerbi/api/.default', for Fabric use 'https://api.fabric.microsoft.com/.default', for Graph use 'https://graph.microsoft.com/.default'
3If using MSAL, pass scopes via AcquireTokenForClient(scopes) / acquireTokenSilent({scopes}) and remove any 'resource' overrides; if you must keep v1.0 semantics, switch the authority back to https://login.microsoftonline.com/{tenant}/oauth2/token
4For ADAL-based code, migrate to MSAL — ADAL is deprecated since June 2023 and will keep producing this error against v2.0 endpoints
5Re-test the refresh in Power BI Service / ADF linked service after the change and verify a successful access_token response with the correct 'aud' claim

Frequently asked questions

What does AADSTS901002 mean?

AADSTS901002: The 'resource' request parameter isn't supported.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes