question

AbhishekJha-3947 avatar image
0 Votes"
AbhishekJha-3947 asked SeanHill-3624 commented

Authenticate azure devops build REST API through Azure AD access token

I need to trigger azure devops services build Rest API through azure AD access token. My devops organisation is integrated with azure AD and i have registered an app in Azure AD. using app id tenant id scope and client secret to generate access token. After generating Access token using same token to authenticate azure devops build rest api but i'm gettting 203 error .

Can someone confirm is it possible to trigger azure devops build api using azure AD token? if yes then what else i need to do?


Thanks

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ShwetaMathur avatar image
0 Votes"
ShwetaMathur answered SeanHill-3624 commented

Hi @AbhishekJha-3947,

Thanks for reaching out.

I understand you are trying to call Azure AD devops build REST API using Azure AD access token and getting 203 error.

Yes, it is possible to call Azure Devops REST API using Azure AD access token.

The error "203 -Non-Authoritative Information" means that your access token has not right scopes to call the Azure Devops API.

Steps to call Azure Devops REST API using Azure AD access token as follows:
1. Register the application in Azure AD.
2. In the app's registration screen, Add a permission to access to the Devops APIs that your application needs.
3. In the list of APIs, select the API Azure DevOps from Microsoft APIs.
4. In the Delegated permissions section, select the user_impersonation in the list.

182710-image1.png

Permission is added as below:

182831-image2.png

To get the access token, First get the authorize code using authorize endpoint https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize? with below parameters

182775-image3.png

Copy the short-lived authorization code from callback URL and get the access token using https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

182776-image4.png


Make sure to use appropriate Azure DevOps resource id in the scope : 499b84ac-1321-427f-aa17-267ca6975798/user_impersonation to get the authorized access token to call Azure Devops REST API


182750-image5.png

Hope this will help.

Thanks,
Shweta


Please remember to "Accept Answer" if answer helped you.



image1.png (50.9 KiB)
image2.png (24.0 KiB)
image3.png (36.2 KiB)
image4.png (58.9 KiB)
image5.png (55.5 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @AbhishekJha-3947,

Just wanted to check if above answer helped.

Thanks,
Shweta

0 Votes 0 ·

Hi Shweta,

I followed your instructions but when I call to get the auth code in postman I'm just returned a page of html to sign in. I assume this is for the user to authorize the access.

Instead I tried dropping the request into my browser but once I had signed in I got the error: "AADSTS500113: No reply address is registered for the application."

I'm not sure how I'm supposed to get/extract the auth code.

0 Votes 0 ·