
I am trying to implement an integration between a web-based code editor and Azure DevOps. I am trying to use OAuth to get user authorization and then to make a clone of a repository on behalf of the user.

For GitHub I can use the OAuth access token as a username to clone the repository. Is there a similar functionality for Azure DevOps?

2 Answers


Is there a similar functionality for Azure DevOps?

The answer is yes.

Azure DevOps Services uses the OAuth 2.0 protocol to authorize your app for a user and generate an access token. And we need to make sure the Authorised scopes include code (Read) when we generate the OAuth token.

Please refer to this document and this blog for some more details.

Note:

OAuth 2.0 is not supported on Azure DevOps Server (I saw you added the Azure DevOps Server tag to your post). Client Libraries are a series of packages built specifically for extending Azure DevOps Server functionality. For on-premises users, we recommend using Client Libraries, Windows Auth, or Personal Access Tokens (PATs) to authenticate on behalf of a user.

Leo Liu
  • Thanks for the information. I know that I can use the OAuth token with the REST API to read the code. I was wondering if I could use the OAuth token with a Git client (or library) to clone the repository. – Cristian Talau Dec 14 '20 at 07:52
  • @CristianTalau, So you are using Azure DevOps Services, not Azure DevOps Server (TFS)? Pay attention to the note in the answer. – Leo Liu Dec 14 '20 at 08:01
  • @CristianTalau, As far as I know, if you can generate the OAuth token (Azure DevOps Services), you could use the OAuth token with a Git client (or library) to clone the repository. If you are using Azure DevOps Server, I suggest that you use Windows Auth, or Personal Access Tokens (PATs) to authenticate. – Leo Liu Dec 14 '20 at 08:12
  • Most of the Git clients support only username & password authentication. For GitHub, one could use the OAuth token as the username to clone the repository. For GitLab, the token can be used as a password. The question is how should the OAuth token be used for Azure DevOps? I did not find any documentation about this type of usage. – Cristian Talau Dec 15 '20 at 09:12
  • Actually, the client that plans to use our editor uses Azure DevOps Server. Our current approach is to use PAT, but this is not very user-friendly, as compared with the OAuth experience. I am not sure if Windows Auth is applicable for a web-based application (documentation editor). – Cristian Talau Dec 15 '20 at 09:15
  • @CristianTalau we are facing the same problem. Have you ever found a way to use the OAuth2 access token to clone the repo? We raised a similar question here: https://stackoverflow.com/questions/68376718/using-oauth2-token-of-azure-devops-services-application-to-clone-a-git-repositor – Juraj Martinka Jul 14 '21 at 16:57

This is definitely possible and has now been extended to be possible without using a Personal Access Token (which is tied to a user). If your Azure DevOps is backed by Azure Active Directory, my answer here has the required steps to authenticate using an OAuth token issued to a service principal.

The currently accepted answer references scopes attached to PATs, but provided the service principal has been given access to the repository in the standard way (using the repository security tab) you should be able to clone it.

James G
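
An added example, not part of either answer or of the posts they link to: one way a web back end could hand an already obtained OAuth access token to the Git client as a bearer header, scoped to the repository's host and kept out of the command line and the clone's `.git/config`. It assumes Git 2.31 or later and that the server accepts `Authorization: Bearer` for Git over HTTPS; `build_clone` and `clone` are hypothetical names and the URL is a constructed sample.

```python
import os
import subprocess
from urllib.parse import urlsplit


def build_clone(repo_url, dest, token, base_env=None):
    """Return (argv, env) for `git clone` that sends the token as a bearer header.

    Hypothetical helper. Assumes the server accepts `Authorization: Bearer`
    for Git over HTTPS and that the installed Git is 2.31 or later.
    """
    parts = urlsplit(repo_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send a token to a non-HTTPS URL")
    if "@" in parts.netloc:
        raise ValueError("remove credentials embedded in the URL")
    if not token or any(c in token for c in "\r\n"):
        raise ValueError("token is empty or contains a line break")

    env = dict(os.environ if base_env is None else base_env)
    # Git reads extra config from these variables, so the token never appears
    # in the process list and is not written to the clone's .git/config.
    env["GIT_CONFIG_COUNT"] = "1"
    # Scope the header to the repository's origin so Git does not attach it
    # to requests for other hosts (for example submodules hosted elsewhere).
    env["GIT_CONFIG_KEY_0"] = f"http.https://{parts.netloc}/.extraheader"
    env["GIT_CONFIG_VALUE_0"] = f"Authorization: Bearer {token}"
    env["GIT_TERMINAL_PROMPT"] = "0"  # fail instead of prompting if rejected
    return ["git", "clone", "--", repo_url, dest], env


def clone(repo_url, dest, token):
    """Run the clone; raises CalledProcessError if Git exits non-zero."""
    argv, env = build_clone(repo_url, dest, token)
    subprocess.run(argv, env=env, check=True)


if __name__ == "__main__":
    # Constructed sample values; no network access happens here.
    argv, env = build_clone(
        "https://dev.azure.com/exampleorg/exampleproject/_git/examplerepo",
        "examplerepo", "constructed-token", base_env={})
    print(argv, env["GIT_CONFIG_KEY_0"])
```

Because nothing is persisted, later `fetch` or `push` calls on the clone need the same environment again, which fits short-lived access tokens.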