如何以静默方式获取Azure DevOps的用户令牌并将其用于访问DevOps REST API? [英] How to get user token silently for Azure DevOps and use it for accessing DevOps REST APIs?
问题描述
问题陈述:我试图在C#控制台应用程序中创建一个模块,该模块打算在Azure Bot运行后立即插入并使用.我想将我的机器人与Azure DevOps连接.我可以使用PAT令牌来做到这一点,但我需要机器人仅显示来自已登录用户可以访问的DevOps的资源.
Problem Statement: I'm trying to create a module in C# console application that I intend to plug and use in Azure Bot once it is operational. I want to connect my bot with Azure DevOps. I am able to do that with PAT token but I need the bot to only display the resources from DevOps on which the logged in user has access.
尝试:
- 我能够使用PAT令牌获取必要的详细信息.无论登录的用户详细信息如何,它都能为我提供所有项目.
- 我尝试为登录的用户使用Azure AD令牌,但是在尝试使用它来调用Azure DevOps REST API时,它给了我未经授权的错误
- 已引用这篇文章,但我无法获得身份验证代码或令牌无提示.
- I am able to get the necessary details using PAT token. It gives me all projects irrespective of the logged in user details.
- I have tried to use the Azure AD token for the logged in user but it gives me unauthorized error on trying to use it to invoke Azure DevOps REST APIs
- Referred this article but I am unable to get the auth code or token silently.
总而言之,我基本上是在寻找:
To summarize, I'm basically looking to:
- 静默获取Azure DevOps的用户令牌(无需用户单击确认)
- 使用REST API获取项目,工作项等详细信息.
推荐答案
个人访问令牌继承了创建它的用户的权限.因此,如果您作为项目集合管理员创建一个令牌,则该令牌具有与您一样的samwe权限.
A Personal Access Token inherits the permissions from the user that created it. So if you, as a project collection administrator, create a token, that token has the samwe permissions as you do.
不幸的是,没有可用于在运行时创建令牌的公共REST API.它们必须由登录用户通过门户网站创建.
Unfortunately there is no public REST API that you can use to create a token at runtime. They have to be created by a logged in user through the portal.
Another option is using OAuth. OAuth asks the user to login and then gives you a token that you can use in the REST APIs. Unfortunately that doesn't meet your criteria where a user doesn't have to do anything,
我看到的另一种方法是将用户添加到他们具有权限的资源中.然后,从REST API中,您可以使用admin PAT来检查其权限,然后仅检索允许其查看的内容.这也不是很漂亮:-(
The only other way I see is adding the users to the resources they have permissions for. Then from your REST API you can use the admin PAT to check their permissions and then retrieve only what they are allowed to see. Which also isn't really pretty :-(
这篇关于如何以静默方式获取Azure DevOps的用户令牌并将其用于访问DevOps REST API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
