I'm trying to do a service to service ADO REST call, from my application to ADO, on behalf of the application, not the user logged in to it.
Microsoft provide REST APIs to do things like create a release pipeline. See here:
The documentation is really confusing here, as it refers to the Oauth 2 flow as being "accessCode" which as far as I can see, isn't the name of any valid type of flow.
In the main docs for calling APIs
it says that the request body should be like this:
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion={0}&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={1}&redirect_uri={2}
where
{0}: URL encoded client secret acquired when the app was registered
{1}: URL encoded "code" provided via the code query parameter to your callback URL
{2}: callback URL registered with the app
This is at odds with the documentation for creating a release (first link) which says:
Type: oauth2 Flow: accessCode
Authorization URL: https://app.vssps.visualstudio.com/oauth2/authorize&response_type=Assertion
So firstly, does anyone know which documentation is right, the first or the second ?
And secondly, how do I make a service to service to call from my application, to call these API's on behalf of the the application, rather than the user ?
I don't want the users of the application to have permissions to create a release within the app as many will not even be ADO users, let alone have permissions to create releases.
I would have thought that the API would support an Oauth 2 grant type of client_credentials (authorization code grant) but I can't see any examples of this in the documentation for ADO REST services.
