When setting up AAD Consent for K2 APIs, you have to disable MFA as per:
Turn off Multi-Factor Authentication before granting consent. You can then turn MFA back on once consent has been granted.
This is because the underlying code was created before Microsoft's latest MFA implementation and therefore the consent loop will not work unless MFA is disabled. Note that the consent loop does not affect runtime authentication. Once the app is consented, you can enable MFA again and the runtime authentication will operate as expected. In other words, disabling MFA is only required while you are granting consent.
However, it appears that using basic auth with MFA also does not work:
You cannot log in to the Workflow REST API and the SmartObject OData API using Basic Authentication with an Azure Active Directory account that has Multi-Factor Authentication (MFA) enabled.
It would be great if the underlying code is updated so that the consent loop works with MFA enabled and/or if a custom Oauth connector was created and released for PowerBI that supported Oauth.