Azure DevOps 的客户端凭据流
[英]Client Credentials Flow for Azure DevOps
问题描述
I have been looking at this issue for days and I know from experience that I usually work these things out but this time I have hit a brick wall.
我已经研究这个问题好几天了,我从经验中知道我通常会解决这些问题,但这次我遇到了麻烦。
Scenario设想
I have a python app that gets instantiated inside an Azure DevOps YAML pipeline.我有一个在 Azure DevOps YAML 管道中实例化的 Python 应用程序。 The app calls the Azure DevOps REST API to create a repository应用调用 Azure DevOps REST API 来创建存储库
The app uses a PAT (personal access token) to authenticate该应用程序使用 PAT(个人访问令牌)进行身份验证
Firstly issue is, a personal access token is connected to me as a human user.第一个问题是,个人访问令牌以人类用户的身份连接到我。 If I leave the company the PAT will be revoked which is not good for an app that needs to run in a non-user context.如果我离开公司,PAT 将被撤销,这对需要在非用户环境中运行的应用程序不利。
So now I want to setup my Python app to authenticate to the Azure DevOps REST API using client credentials flow.所以现在我想设置我的 Python 应用程序以使用客户端凭据流对 Azure DevOps REST API 进行身份验证。
My issue is, I can't find consistent information about this.我的问题是,我找不到关于此的一致信息。
I have created an app in Azure DevOps:我在 Azure DevOps 中创建了一个应用程序:
My plan would be to get this all working in Postman and then port my finding to Python code.我的计划是让这一切在 Postman 中工作,然后将我的发现移植到 Python 代码中。 So really, I am looking for help with the setup I do in Postman and I can work the rest out myself in Python.所以真的,我正在寻求有关我在 Postman 中进行的设置的帮助,其余的我可以在 Python 中自己解决。
Many posts talk about Azure DevOps and Azure AAD (Azure Active Directory) together but, seeing as I create my app registration in Azure DevOps, as shown in the picture, I don't see why I would do anything in AAD.许多帖子同时讨论 Azure DevOps 和 Azure AAD(Azure Active Directory),但是,当我在 Azure DevOps 中创建应用注册时,如图所示,我不明白为什么我会在 AAD 中做任何事情。 (Note, my Azure DevOps instance was created outside Azure. Azure knows nothing about my Azure DevOps instance) (注意,我的 Azure DevOps 实例是在 Azure 之外创建的。Azure 对我的 Azure DevOps 实例一无所知)
Any pointers to the CORRECT information about how to do this would be good.任何指向有关如何执行此操作的正确信息的指针都会很好。 And remember, I definitely need the client credentials type flow.请记住,我绝对需要客户端凭据类型流。 There is no human interaction between my app and the Azure DevOps REST API.我的应用程序和 Azure DevOps REST API 之间没有人工交互。
Update更新
Here is what I have in Postman right now:这是我现在在 Postman 中的内容: Note:
笔记:
- You can see the check boxes which I am using to toggle application/x-www-form-urlencoded key / value pairs on and off您可以看到我用来打开和关闭 application/x-www-form-urlencoded 键/值对的复选框
- the resource - 499b84ac-1321-427f-aa17-267ca6975798 is apparently the GUID for Azure DevOps and doesn't change资源- 499b84ac-1321-427f-aa17-267ca6975798显然是 Azure DevOps 的 GUID,不会改变
- If I look inside the HTML from the 500 error I see this: Could not find partition for hostId: 499b84ac-1321-427f-aa17-267ca6975798 which is the DevOps resource GUID mentioned above.如果我从 500 错误中查看 HTML,我会看到:找不到 hostId 的分区:499b84ac-1321-427f-aa17-267ca6975798 ,这是上面提到的 DevOps 资源 GUID。
And here is the 500 error I get from Azure Devops:这是我从 Azure Devops 得到的 500 错误:
It's all very confusing but I am sure I just need to tweak one or two things to get it working.这一切都非常令人困惑,但我确信我只需要调整一两件事即可使其正常工作。
1 个解决方案
解决方案1
1 已采纳 2020-03-27 14:57:37
I want to use client_credential flow in Azure DevOps for the same reasons as you!出于与您相同的原因,我想在 Azure DevOps 中使用 client_credential 流! Last time I spoke to support they told me it was planned for Q3 2020 .上次我与支持人员交谈时,他们告诉我计划在 2020 年第三季度进行。 Reviewing the roadmap I can't see it on there at the moment. 查看路线图,我目前在那里看不到它。 I also couldn't see any feature requests currently raised onDev Community so you could consider trying to raise the profile of this issue on there.我也看不到Dev Community目前提出的任何功能请求,因此您可以考虑尝试在那里提高此问题的知名度。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.