具有Azure AD客户端凭据授予流的Azure Devops Access [英] Azure Devops Access with Azure AD client credential grant flow
问题描述
我已成功通过Azure AD进行身份验证,并收到了访问令牌.而且我已授予Azure AD App API访问Azure DevOps的权限
我正在使用RestSharp Http Client进行身份验证
var client = new RestClient("https://login.microsoftonline.com/{tenant}/oauth2/token");var request = new RestRequest(",Method.POST);request.AddParameter("grant_type","client_credentials");request.AddParameter("client_id","00000f-0000-00-00-000000");request.AddParameter("client_secret",] [M.& *******?* _ 5z)y $ {* [)");request.AddParameter("resourse","https://tenant.onmicrosoft.com/4815c06b-7e28-4f88-9dc8-8fe3354d5909");IRestResponse响应= client.Execute(请求);var content = response.Content;//原始骗局 到目前为止,我很高兴.我不知道是如何使用访问令牌访问Azure DevOps的.到目前为止,我已经尝试过
var client = new RestClient("https://app.vssps.visualstudio.com/oauth2/token");var request = new RestRequest(",Method.POST);request.AddParameter("client_id",我的APP代码在这里";request.AddParameter("client_secret",这里是我的ap机密");request.AddParameter("client_assertion_type","urn:ietf:params:oauth:client-assertion-type:jwt-bearer");request.AddParameter("client_assertion",此处访问令牌");request.AddParameter("grant_type","authorization_code"); 我收到的错误是"{\" Error \:\" unsupported_grant_type \,\" ErrorDescription \:\" grant_type必须是ietf jwt-bearer类型或refresh_token \}"
我想念什么?
根据我的知识,不支持客户端凭据.如果要使用Azure AD凭据访问Azure Devops API,则需要创建一个Azure AD本机应用程序并将权限分配给Azure AD应用程序
此后,我们还需要
然后,我们可以使用访问令牌来访问Azure Devops API.
我们可以从此链接.
I have successfully authenticated with Azure AD and received an access token. And I have given Azure AD App API permissions to Access Azure DevOps
I am using RestSharp Http Client do authenticate
var client = new RestClient("https://login.microsoftonline.com/{tenant}/oauth2/token");
var request = new RestRequest("", Method.POST);
request.AddParameter("grant_type", "client_credentials");
request.AddParameter("client_id", "00000f-0000-00-00-000000");
request.AddParameter("client_secret", "][M.&*******?*_5z)y${*[)");
request.AddParameter("resourse", "https://tenant.onmicrosoft.com/4815c06b-7e28-4f88-9dc8-8fe3354d5909");
IRestResponse response = client.Execute(request);
var content = response.Content; // raw con
I am happy up to this point. What I can't figure out is how to use the access token to access Azure DevOps What I have tried thus far
var client = new RestClient("https://app.vssps.visualstudio.com/oauth2/token");
var request = new RestRequest("", Method.POST);
request.AddParameter("client_id", "My APP code here";
request.AddParameter("client_secret", "My ap secret here");
request.AddParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
request.AddParameter("client_assertion", "access token here");
request.AddParameter("grant_type", "authorization_code");
The error I am receiving is "{\"Error\":\"unsupported_grant_type\",\"ErrorDescription\":\"grant_type must be the ietf jwt-bearer type or refresh_token\"}"
What am I missing?
Based on my knowledge, client credential is not supported. If we want to access Azure Devops API with Azure AD credential, we need to create an Azure AD native application and assign permission to the Azure AD application
After that we also need to connect the Azure Devepops account to the Azure AD.
Input the address in the browser and input the username and password then you could get the authorization_code
Get authorization_code
https://login.microsoftonline.com/{tenantId}/oauth2/authorize?resource=499b84ac-1321-427f-aa17-267ca6975798&client_id={applicationId}&response_type=code&redirect_uri={redirecturl}
Get access token
POST login.microsoftonline.com/e4c9ab4e-bd27-40d5-8459-230ba2a757fb/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Body
resource=499b84ac-1321-427f-aa17-267ca6975798&client_id={clientid}&grant_type=authorization_code&code=AQABAAIAAA..&redirect_uri={redirectUrl}
Then we could use the access token to access the Azure Devops API.
We could get more detail steps and C# demo code from this link.
这篇关于具有Azure AD客户端凭据授予流的Azure Devops Access的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
