Background
I have nuget packages in a private nuget feed on azure devops and I try to consume them from on-prem TFS.
This worked, but only for a few hours
In azure devops, I navigated to Artifacts -> Connect to feed and clicked the link "Download NuGet + Credential Provider". When running CredentialProvider.VSS.exe -U URL_TO_FEED
I got a jwt token.
In tfs on-prem, I navigated to the "NuGet restore" step in the build definition. At "Feeds and authentication" I selected "Feeds in my NuGet.config" and at "Credentials for feeds outside this account/collection" I clicked "Manage". In the "Add new Team Foundation Server/Team Services Connection" dialog box I selected "Token Based Authentication" and filled in the values. I put the token I got from CredentialProvider.VSS.exe in the field "Personal Access Token".
The nuget packages were restored so everything seemed good, but the next day it didn't work any longer since the token was only valid for a few hours (I decoded it to verify).
Question
How am I supposed to make this work? It seems strange to use a "Personal Access Token" since it shouldn't be related to me as a person (in case I leave the organization for example). The username for the token generated by CredentialProvider.VSS.exe was VssSessionToken which might indicate that it's not a personal token related to me, but I don't know.