Access Azure DevOps API via OAuth 2.0 Azure AD

3
votes

In postman i have set simple request to access Azure DevOps API, using OAuth 2.0 security via Azure AD https://docs.microsoft.com/en-us/rest/api/azure/devops/core/projects/list?view=azure-devops-rest-5.1 On Azure AD application setup with permission to acess Azure DevOps API with user consent

Im getting token, however Azure DevOps API keeps returning code 203 with sign in html instead of json response. I would appreciate any suggestions

Thanks

Postman request

GET /[some_org]/_apis/projects?api=5.1 HTTP/1.1
Host: dev.azure.com 
Authorization: Bearer [something] 
User-Agent: PostmanRuntime/7.17.1 
Accept: */* 
Cache-Control: no-cache 
Postman-Token: [something] 
Accept-Encoding: gzip, deflate 
Cookie: VstsSession=[something] 
Referer: https://dev.azure.com/[some_org]/_apis/projects?api=5.1 
Connection: keep-alive cache-control: no-cache

Token get details

1
oauth-2.0azure-devopsodatapostmanazure-devops-rest-api
Actually, using Azure DevOps API with AAD token is allowed. Here is a sample about c# code to do it.github.com/microsoft/azure-devops-auth-samples/blob/master/…Frank Wang-MSFT

1 Answers

3
votes
  1. I managed to replicate your issue using the OAuth 2.0 authentication in Postman.
  2. I started to look little more about the REST API for Azure DevOps and I found the document:

https://docs.microsoft.com/en-us/rest/api/azure/devops/?view=azure-devops-rest-5.1

  1. Few key parts:

For Azure DevOps Services, instance is dev.azure.com/{organization}, so the pattern looks like this:

VERB https://dev.azure.com/{organization}/_apis[/{area}]/{resource}?api-version={version}

If you wish to provide the personal access token through an HTTP header, you must first convert it to a Base64 string (the following example shows how to convert to Base64 using C#). (Certain tools like Postman applies a Base64 encoding by default. If you are trying the API via such tools, Base64 encoding of the PAT is not required).

Authorization: Basic BASE64PATSTRING

  1. I configured my postman to use GET Request and Basic Authentication (and it worked)

    GET http://dev.azure.com/{organization-id}/_apis/projects?api-version=5.1

GET Request

Basic Authentication

enter image description here

More information about Personal Access Token for Azure DevOps REST API is available
here

PS And here is page regarding Azure DevOps REST API and OAuth 2.0 Authentication here There is information on how to register your application to generate OAuth 2.0 credentials required to authorize.