0

I am validating VSTS OAuth token, as explained here. I enabled access to the OAuth token from my VSTS build phase.

What are the claims present in the token? Where is this documented?

Note: the token is a JWT token so any claims will have the following keys.

Related question: How to verify the publisher of a message to a service bus using VSTS server-based task?

Konrad Jamrozik
  • 3,254
  • 5
  • 29
  • 59
  • Do you clear it? – starian chen-MSFT Jun 20 '18 at 09:23
  • Starian, my problem is as described in the related question I just added to the question. The VSTS extension verification appears to apply only to web extensions. I reported the doc deficiency [here](https://github.com/MicrosoftDocs/vsts-docs/issues/1091). – Konrad Jamrozik Jun 21 '18 at 20:25

1 Answers1

1

It is used to verify your extension and the token is generated from your extension instead of build.

starian chen-MSFT
  • 33,174
  • 2
  • 29
  • 53
  • To clarify: the OAuth token I mentioned in the question appears to be unrelated to the VSTS extension. It is used to authenticate to VSTS, not to authenticate the VSTS extension. To get the extension token that can be verified, one has to follow [these instructions](https://learn.microsoft.com/en-us/vsts/extend/develop/auth?view=vsts#generate-a-token-to-provide-to-your-service). Note this appears to work only for web extensions. – Konrad Jamrozik Jun 21 '18 at 20:26