How to simply get a bearer token to send requests to Azure DevOps API?

4
votes

I need to create an organizational feed to host nuget packages shared among projects on our Azure DevOps environment.

After several unsuccesful attempts and research, I discovered that the only way to create an organizational feed is, by design from Microsoft mouth, the Azure DevOps API.

Source for the claim : This question on VS dev community and The MS docs on project-scoped feeds

Basically, I just need to be able to perform a POST here : https://feeds.dev.azure.com/{organization}/_apis/packaging/feeds?api-version=5.1-preview.1

with the body :

{
    "name": "{myfeedname}",
    "hideDeletedPackageVersions": true,
    "upstreamEnabled": true
}

And of course, a Bearer token to authenticate myself. That's the point where I'm confused.

What is the simplest way to obtain one ? I'm logged in through my company Microsoft AD account on my computer browser on Azure DevOps. I don't see any Bearer token that I can "steal" to use in PostMan in my browser dev tools.

The API docs described some relevant info, but I'm confused on how to use it in Postman :

Security oauth2

Type: oauth2

Flow: accessCode

Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion

Token URL: https://app.vssps.visualstudio.com/oauth2/token?client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

Scopes Name Description

vso.packaging_write Grants the ability to create and read feeds and packages.

Here is the interface in Postman for OAuth2:

Postman interface for setting up OAuth2

Ican see how the info in the docs relates to the fields 1 - 2 - 3 - 4, but then, what callback url should I use ? What credentials ? my Microsoft email + password from AD ?

I tried this, and all I seem to get is this from Postman :

{"$id":"1","innerException":null,"message":"A potentially dangerous Request.Path value was detected from the client (&).","typeName":"System.Web.HttpException, System.Web","typeKey":"HttpException","errorCode":0,"eventId":0}

TLDR

How do I properly proceed to get a token with Postman, or other tool to manually execute my one-time request to Azure DevOps REST API ?

notes :

Following info here : Unable to get Authorization code for Devops using Postman oAuth2.0 , leading here : https://github.com/Microsoft/azure-devops-auth-samples/tree/master/OAuthWebSample , I understand that I have to register and run a whole web application. Am I understanding this correctly ? I there a simpler way ?

1
oauthoauth-2.0postmanazure-devops-rest-api
@LeoLiu-MSFT Well, actually we won't create/host a webapp just for that, so for the moment we just found a workaround (i.e. duplicate our nuget packages into the feeds of the projects that are needed).Pac0

1 Answers

2
votes

I understand that I have to register and run a whole web application. Am I understanding this correctly ? I there a simpler way ?

Yes, you are right. You have to register whole web application.

As the interface in Postman for OAuth2, we need provide the CallbackUrl, ClientID, ClientSecret and so on. Then, we check the document Requesting an OAuth 2.0 token, we could to know the Callback URL is:

The client application callback URL redirected to after auth, and that should be registered with the API provider.

So, we have to register an OAuth client app in Azure DevOps (https://app.vsaex.visualstudio.com/app/register), then we could get the following information, like:

enter image description here

You could check the document Authorize access to VSTS REST APIs with OAuth 2.0 for some more details.

AFAIK, there is currently no simpler way to get a bearer token to send requests to the Azure DevOps API.

Hope this helps.