
I am using the adal4j Java library to authenticate Azure DevOps REST API calls through Azure Active Directory. I am able to authenticate using Personal Access Tokens but not using Active Directory. This is the code I have been running:

    AuthenticationResult result = null;
    ExecutorService service = null;
    try {
      service = Executors.newFixedThreadPool(1);
      AuthenticationContext context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId + "/", false, service);
      if (clientId != null && clientKey != null) {
        ClientCredential credentials = new ClientCredential(clientId, clientKey);
        Future<AuthenticationResult> future = context.acquireToken("499b84ac-1321-427f-aa17-267ca6975798", credentials, null);
        result = future.get();
      }
    } finally {
      if (service != null) {
        service.shutdown();
      }
    }

I get the following error:

    StatusCode: 203, ReasonPhrase: 'Non-Authoritative Information'

It tries to redirect to this sign-in page:

    https://spsprodsin1.vssps.visualstudio.com/_signin?realm=...

I have already connected to Azure Active Directory from the Azure DevOps organization settings with the correct directory/tenant. And I have also added Azure DevOps user_impersonation permissions (delegated) in the app registration.

What am I doing wrong here and how can I fix the problem?

garvit

1 Answer


user_impersonation means that this API can only be called with user permission. However, you get the token with a client credential, which only has application permission.

To get a token for a user, you can try the following code:

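    import com.microsoft.aad.adal4j.AuthenticationContext;
    import com.microsoft.aad.adal4j.AuthenticationResult;
    import java.net.MalformedURLException;
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.ExecutorService;
    import java.util.concurrent.Executors;
    import java.util.concurrent.Future;

    // Username/password flow: the token is issued on behalf of a user.
    // AUTHORITY is the tenant's login URL, defined elsewhere in the class.
    public static AuthenticationResult GetTokenWithPasswordForDevOps(String username, String password){
        ExecutorService service = Executors.newFixedThreadPool(1);
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        try {
            context = new AuthenticationContext(AUTHORITY, true, service);
            Future<AuthenticationResult> future = context.acquireToken("499b84ac-1321-427f-aa17-267ca6975798", "{your public app client id}", username, password, null);
            result = future.get();
        } catch (InterruptedException e) {
            e.printStackTrace();
        } catch (ExecutionException e) {
            e.printStackTrace();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } finally {
            service.shutdown();
        }
        return result;
    }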
Jack Jia
  • Thank you so much for the answer. I just had one more question: are these username/password for a Microsoft account, DevOps alternate credentials, or some other Azure Active Directory credentials? @jack-jia – garvit Nov 15 '19 at 09:42
  • @garvit Azure AD credentials – Jack Jia Nov 15 '19 at 09:55
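
Added example, not part of the original question or answer: a small Python diagnostic that decodes an access token's claims and reports whether it is a delegated (user) token carrying `user_impersonation` or an app-only token from the client-credentials flow. It assumes the usual Azure AD claim layout (`aud` for the resource, `scp` for delegated scopes); the sample tokens are constructed and unsigned.

```python
import base64
import json

# Resource ID of Azure DevOps, as used in the question and the answer.
AZURE_DEVOPS_RESOURCE = "499b84ac-1321-427f-aa17-267ca6975798"


def decode_claims(jwt):
    """Return the payload claims of a JWT. No signature check: diagnostics only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify_token(jwt):
    """Classify a token by audience and by the kind of permission it carries."""
    claims = decode_claims(jwt)
    if claims.get("aud") != AZURE_DEVOPS_RESOURCE:
        return "wrong-audience"
    # Assumption: delegated tokens list their scopes in "scp"; tokens from the
    # client-credentials flow carry no "scp" claim at all.
    if "scp" not in claims:
        return "app-only"
    scopes = claims["scp"].split()
    return "delegated" if "user_impersonation" in scopes else "delegated-missing-scope"


def _constructed_token(claims):
    """Build an unsigned sample token for the demo (constructed, not real)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample claims for the two flows discussed on this page.
USER_TOKEN = _constructed_token(
    {"aud": AZURE_DEVOPS_RESOURCE, "scp": "user_impersonation", "upn": "user@example.com"})
APP_TOKEN = _constructed_token(
    {"aud": AZURE_DEVOPS_RESOURCE, "appid": "00000000-0000-0000-0000-000000000000"})

if __name__ == "__main__":
    print("password flow token:", classify_token(USER_TOKEN))
    print("client credentials token:", classify_token(APP_TOKEN))
```

Running the same check on the `getAccessToken()` value of the `AuthenticationResult` shows which kind of token a given flow produced before it is sent to the REST API.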