Azure DevOps provides a set of services for managing projects through phases such as development, testing and deployment. Applications that call these services must authenticate to Azure DevOps.
In this blog, I cover two authentication methods for accessing services such as the Azure DevOps REST API.
- PAT token
- Azure DevOps OAuth
PAT TOKEN Authentication:
A PAT token is a bearer token for accessing resources within an organization in DevOps. It is specific to an organization.
Below are the steps to create a PAT token and use it with the Azure DevOps REST API.
STEP 1: Sign in to your organization - https://dev.azure.com/<Organization Name>
STEP 2: In the top right corner, select User settings -> Personal Access Token -> New Token.
STEP 3: The “Create New Personal Access token” window lets the user enter a name for the token, set its expiration, and grant permissions for specific modules or all modules in DevOps.
On token generation, the user has to copy the PAT token, because it will not be available after the window closes.
For example, we can use this PAT token with Basic authorization to get the list of projects under a specific organization.
API: https://dev.azure.com/<OrganisationName>/_apis/projects?api-version=7.0
In Authorization -> Basic, place the PAT token in Username.
Azure DevOps OAuth Authentication:
This can be used for accessing all services under the tenant.
Step 1: Go to Register application (visualstudio.com) and enter the necessary details.
Redirect URL – the authorization code will be sent to this URL on consent.
Here, I have chosen “Project and Team” under “Authorized scope” to get access to the projects.
Step 2: Copy the App Id, Client Secret and Scope, which will be used to get the authorization code.
Build the authorization URL for consent from the copied data and open it in a browser.
// Requires: using System.Web;
// Keep the state value so the callback can later be checked against it.
var state = Guid.NewGuid().ToString();
var authorizationUrl = "https://app.vssps.visualstudio.com/oauth2/authorize" +
    $"?client_id={clientId}" +
    "&response_type=code" +
    $"&redirect_uri={HttpUtility.UrlEncode(redirectUri)}" +
    $"&scope={HttpUtility.UrlEncode(scope)}" +
    $"&state={state}";
Step 3: On successful consent, the authorization code will be displayed in the redirect URL.
Step 4: Use the authorization code to get the access token with the code below.
// Requires: using System.Net.Http; using System.Text.Json;
// The client secret is sent as client_assertion and the authorization code as assertion.
Dictionary<string, string> form = new Dictionary<string, string>()
{
    { "client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" },
    { "client_assertion", clientSecret },
    { "grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer" },
    { "assertion", authCode },
    { "redirect_uri", redirectUri }
};
var httpClient = new HttpClient();
HttpResponseMessage responseMessage = await httpClient.PostAsync(
    "https://app.vssps.visualstudio.com/oauth2/token",
    new FormUrlEncodedContent(form));
// Fail here on a non-success status instead of parsing an error body.
responseMessage.EnsureSuccessStatusCode();
string body = await responseMessage.Content.ReadAsStringAsync();
var accessToken = JsonDocument.Parse(body).RootElement.GetProperty("access_token").GetString();
Step 5: The response will be JSON containing the access token, the refresh token and the expiry time of the access token.
Step 6: The refresh token can be used to create a new access token when the current token expires.
Step 7: Use the above access token as a Bearer token to get the list of projects.
Step 8: To get a new access token with the refresh token, use the code below.
// Same token endpoint as Step 4; here the refresh token is sent as the assertion.
Dictionary<string, string> form = new Dictionary<string, string>()
{
    { "client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" },
    { "client_assertion", clientSecret },
    { "grant_type", "refresh_token" },
    { "assertion", refreshToken },
    { "redirect_uri", redirectUri }
};
var httpClient = new HttpClient();
HttpResponseMessage responseMessage = await httpClient.PostAsync(
    "https://app.vssps.visualstudio.com/oauth2/token",
    new FormUrlEncodedContent(form));
// Fail here on a non-success status instead of reading an error body.
responseMessage.EnsureSuccessStatusCode();
string body = await responseMessage.Content.ReadAsStringAsync();
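Step 2 puts a random state value in the authorization URL, and Step 3 returns the authorization code on the redirect URL. The following added example (not part of the original post) shows one way to check the returned state before the code is exchanged in Step 4; the class name, method name and sample URLs are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;

public static class OAuthCallback
{
    // Hypothetical helper: returns the authorization code only when the callback
    // arrives on the registered redirect URL and carries the state value that was
    // generated for this sign-in attempt. Throws otherwise.
    public static string ExtractCode(Uri callback, Uri registeredRedirect, string expectedState)
    {
        // Compare scheme, host, port and path; the query string is checked below.
        if (!string.Equals(callback.GetLeftPart(UriPartial.Path),
                           registeredRedirect.GetLeftPart(UriPartial.Path),
                           StringComparison.Ordinal))
            throw new InvalidOperationException("Callback does not match the redirect URL.");

        var query = HttpUtility.ParseQueryString(callback.Query);

        // Constant-time comparison of the returned state with the stored one.
        // A missing state becomes an empty array and therefore never matches.
        byte[] returned = Encoding.UTF8.GetBytes(query["state"] ?? string.Empty);
        byte[] expected = Encoding.UTF8.GetBytes(expectedState);
        if (!CryptographicOperations.FixedTimeEquals(returned, expected))
            throw new InvalidOperationException("State mismatch; discarding callback.");

        string code = query["code"];
        if (string.IsNullOrEmpty(code))
            throw new InvalidOperationException("No authorization code in callback.");
        return code;
    }

    public static void Main()
    {
        // Constructed sample values, not real credentials or a real redirect URL.
        string state = Guid.NewGuid().ToString();
        var redirect = new Uri("https://localhost:5001/oauth/callback");
        var good = new Uri($"{redirect}?code=SAMPLE_CODE&state={state}");
        var forged = new Uri($"{redirect}?code=SAMPLE_CODE&state={Guid.NewGuid()}");

        Console.WriteLine(ExtractCode(good, redirect, state));   // accepted
        try { ExtractCode(forged, redirect, state); }            // rejected
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

The state value should be stored per sign-in attempt (for example in the user's session) and discarded after one use.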
Summary:
In this blog, we have covered two authentication methods for accessing Azure DevOps services such as the Azure DevOps REST API.
Hope you find this blog useful.