Azure DevOps API using OAuth 2.0 security via Azur...

Anonymous · ‎10-21-2019

Hi all,

I have difficulties to build custom connector which could access Azure DevOps API using OAuth 2.0 security via Azure AD (not Azure DevOps token directly). I seems like followed MSDN article, but simply requesting project list collection, im getting back the following:

HTML page with <title>Azure DevOps Services | Sign In</title>

and corresponding script log

var __vssPageContext = {"webContext":{"user":{"id":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa","name":"Anonymous","email":"","uniqueName":"TEAM FOUNDATION\\Anonymous"} ...

That's why i decidded, to try API with token obtaining \ gt project request from postman 1st, where i have set simple request to access Azure DevOps API, using OAuth 2.0 security via Azure AD https://docs.microsoft.com/en-us/rest/api/azure/devops/core/projects/list?view=azure-devops-rest-5.1 On Azure AD application setup with permission to acess Azure DevOps API with user consent, callback url also set

Im getting token, however Azure DevOps API keeps returning code 203 with sign in html instead of json response. I would appreciate any suggestions

Token obtaining details (attached as image)

Postman request

GET /[some_org]/_apis/projects?api=5.1 HTTP/1.1
Host: dev.azure.com 
Authorization: Bearer [something] 
User-Agent: PostmanRuntime/7.17.1 
Accept: */* 
Cache-Control: no-cache 
Postman-Token: [something] 
Accept-Encoding: gzip, deflate 
Cookie: VstsSession=[something] 
Referer: https://dev.azure.com/[some_org]/_apis/projects?api=5.1 
Connection: keep-alive cache-control: no-cache

Many thanks

v-yutliu-msft · ‎10-21-2019

Hi @Anonymous ,

Do you mean that you have trouble in creating custom connector which could access Azure DevOps API using OAuth 2.0 security via Azure AD?

Before using this authentication type, you will need to register your application with the service so that it can receive access tokens for the users.

Here's a doc that shows how to register an application with the Azure Active Directory service for your reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-on-behalf-of-flow#register-the-application-and-service-in-azure-ad

You could check this to see whether you have problems.

Here are some parameters when creating a connection by authenticating to the backend service for your reference:

https://docs.microsoft.com/en-us/connectors/custom-connectors/connection-parameters

Please check the Oauth 2.0 part.

Best regards,

Community Support Team _ Phoebe Liu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Anonymous · ‎10-28-2019

Hi

Many thanks for your suggesiton and sorry for delayed response.

Please, could you corect me if i'm wrong: i have already registered single Azure AD application with permissions and callbacl url, etc, but most-likely it's not working because i need 2 application - applicaton itself and middle -tier?

Thank you

yashag2255 · ‎10-28-2019

Hi @Anonymous

Yes, this will need two application registration, one will act as a front end and the other as a backend. To get the whole process, you can follow: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

Hope this Helps!

If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!

Azure DevOps API using OAuth 2.0 security via Azure AD

Helpful resources

Manage your user group events

Check it out!

2021 Release Wave 2 Plan

Microsoft Learn