I am working on a script where I need to find out whether a PAT has full scope or not.

I found the following information in Microsoft Docs:

    GET https://vssps.dev.azure.com/{organization}/_apis/tokenadmin/personalaccesstokens/{subjectDescriptor}?api-version=6.0-preview.1

Using this API I can find all the PATs and their names, scopes and more details for a particular user.

I do not want to pass the PAT name in the script and then find out the scope for it.

I want to use the PAT token and return the scope for the given PAT token.

Is there any API available to achieve this?

1 Answer

> I do not want to pass PAT name in script and then find out scope for it.
>
> I want to use PAT token and return scope for the given PAT token

I am afraid there is no such way to return PAT scope via PAT token instead of PAT name at this moment.

Just look at the response of the REST API Personal Access Tokens - List:

    {
        "clientId": "00000000-0000-0000-0000-000000000000",
        "accessId": "439729fa-be4e-49b2-8530-263cf053d786",
        "authorizationId": "a451306e-621d-4a6c-8c54-9096493a40f9",
        "hostAuthorizationId": "00000000-0000-0000-0000-000000000000",
        "userId": "c1b9603c-da3a-410e-9e59-074dcee61dcc",
        "validFrom": "2021-01-07T00:00:00",
        "validTo": "2021-02-06T00:00:00",
        "displayName": "TestPATA1",
        "scope": "app_token",
        "targetAccounts": [
            "c519b80d-5d71-46b3-a8e0-3edf8c026ea2"
        ],
        "token": null,
        "alternateToken": null,
        "isValid": true,
        "isPublic": false,
        "publicData": null,
        "source": null,
        "claims": null
    }

The response body does not contain the value of the PAT token; therefore, we could associate the value of the PAT token with each PAT.

On the other hand, when we create the PAT, we will receive the message:

> Warning - Make sure you copy the above token now. We don't store it and you will not be able to see it again.

For security reasons, Azure DevOps does not save the PAT value we created. Therefore, there will not be any attributes such as saving or recording the PAT value in Azure DevOps, so we could not use the PAT token as a judgment condition.
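Since the token value cannot be used as the key, an audit has to work from the list response itself. The following is an added example, not part of the original answer, that flags full-scope PATs still usable at a given time; it assumes the list is wrapped in a `value` array, that scopes are space-separated, and that `app_token` is the scope string of a full-access PAT. The sample data and function names are constructed.

```python
import json
from datetime import datetime

FULL_SCOPE = "app_token"  # assumption: scope string reported for a full-access PAT

# Constructed sample in the shape of the entry quoted above (extra entries invented)
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"displayName": "TestPATA1", "scope": "app_token", "isValid": true,
   "validFrom": "2021-01-07T00:00:00", "validTo": "2021-02-06T00:00:00"},
  {"displayName": "build-read", "scope": "vso.build vso.code", "isValid": true,
   "validFrom": "2021-01-01T00:00:00", "validTo": "2021-03-01T00:00:00"},
  {"displayName": "old-admin", "scope": "app_token", "isValid": true,
   "validFrom": "2020-10-01T00:00:00", "validTo": "2020-12-31T00:00:00"},
  {"displayName": "revoked", "scope": "app_token", "isValid": false,
   "validFrom": "2021-01-01T00:00:00", "validTo": "2021-06-01T00:00:00"}
]}
""")


def _parse(ts):
    # Keep second precision only, so a trailing "Z" or fractional part does not break parsing
    return datetime.fromisoformat(ts[:19])


def audit_pats(response, now):
    """Return one record per PAT with its scope flag and whether it is usable at `now`."""
    entries = response["value"] if isinstance(response, dict) else response
    report = []
    for entry in entries:
        scopes = (entry.get("scope") or "").split()
        in_window = _parse(entry["validFrom"]) <= now < _parse(entry["validTo"])
        report.append({
            "name": entry.get("displayName"),
            "full_scope": FULL_SCOPE in scopes,
            "active": bool(entry.get("isValid")) and in_window,
        })
    return report


def active_full_scope(response, now):
    """Names of PATs that are both full-scope and currently usable."""
    return [r["name"] for r in audit_pats(response, now) if r["full_scope"] and r["active"]]


if __name__ == "__main__":
    for row in audit_pats(SAMPLE_RESPONSE, datetime(2021, 1, 15)):
        print(row)
```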