stackoom
  简体   繁体   中英

Use Azure AD access token to Authenticate to Azure DevOps with Flask

 原文  2021-02-08 21:30:54       python/ oauth-2.0/ azure-devops/ azure-active-directory/ azure-devops-rest-api

Question

I registered an app in my Azure Active Directory, which has permissions to Azure DevOps

I downloaded the Python Flask app, through the Azure quickstart, which can also be found here: https://github.com/Azure-Samples/ms-identity-python-webapp and it worked great. However, I couldn't understand how to use the access token to also authenticate to Azure DevOps and use its REST API.

I have found this link here ( https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops ) which says to register an app on Azure DevOps but it requires an HTTPS website for the callback which I currently don't have in the development phase. I also cannot use Azure DevOps Personal Access Token since the purpose of this program is for different users to perform actions on their behalf and not to use a single account.

Is it possible to use the token acquired from Azure Active Directory and use it on Azure DevOps? and how can this be done using Flask?

Edit: I was able to get the token using Postman, however - I'm constantly getting a 203 error as can be seen here

1 answers

solution1
 0  2021-02-09 09:26:57

You could call Azure DevOps rest API with Azure AD access token. It's correct to add the permission of Azure DevOps.

Try to use auth code flow to obtain the access token. Then call the DevOps API with Authorization: Bearer <access-token> . Please refer to this issue (it uses v1.0 endpoint).

# Get authorization code
GET  https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=<your app client id>
&response_type=code
&redirect_uri=<>
&response_mode=query
&scope=https://app.vssps.visualstudio.com/user_impersonation
&state=12345

# Get access token
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=<>
&code=<>
&redirect_uri=https%3A%2F%2Flocalhost%3A12345
&scope=https://app.vssps.visualstudio.com/user_impersonation
&client_secret=<>

The sample_flask.py sample shows how to use Flask-OAuthlib to authenticate to Microsoft Graph with auth code flow. You need to replace MS Graph API with Azure DevOps rest API.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to write a python script to authenticate to Azure DevOps REST API and get the access token? How to authenticate to Azure Devops by using token of an Application ID(service principal)? Azure AD bearer token from React to Flask API Get Request to Azure DevOps with Personal Access Token (PAT) using Python Using a personal access token for azure devops API repository manipulation Azure AD: “scope” Property Missing from Access Token Response Body How do we validate the access token from azure AD in backend? Authenticate to azure ad with JWT python sdk PermissionError for Azure AD integration with Flask running in container Azure Python flask App - AD authentication issue
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM