Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
596 views
in Technique[技术] by (71.8m points)

python 3.x - Client Credentials Flow for Azure DevOps

I have been looking at this issue for days and I know from experience that I usually work these things out but this time I have hit a brick wall.

Scenario

I have a python app that gets instantiated inside an Azure DevOps YAML pipeline. The app calls the Azure DevOps REST API to create a repository

The app uses a PAT (personal access token) to authenticate

Firstly issue is, a personal access token is connected to me as a human user. If I leave the company the PAT will be revoked which is not good for an app that needs to run in a non-user context.

So now I want to setup my Python app to authenticate to the Azure DevOps REST API using client credentials flow.

My issue is, I can't find consistent information about this.

I have created an app in Azure DevOps:

enter image description here

My plan would be to get this all working in Postman and then port my finding to Python code. So really, I am looking for help with the setup I do in Postman and I can work the rest out myself in Python.

Many posts talk about Azure DevOps and Azure AAD (Azure Active Directory) together but, seeing as I create my app registration in Azure DevOps, as shown in the picture, I don't see why I would do anything in AAD. (Note, my Azure DevOps instance was created outside Azure. Azure knows nothing about my Azure DevOps instance)

Any pointers to the CORRECT information about how to do this would be good. And remember, I definitely need the client credentials type flow. There is no human interaction between my app and the Azure DevOps REST API.

Update

Here is what I have in Postman right now: enter image description here Note:

  • You can see the check boxes which I am using to toggle application/x-www-form-urlencoded key / value pairs on and off
  • the resource - 499b84ac-1321-427f-aa17-267ca6975798 is apparently the GUID for Azure DevOps and doesn't change
  • If I look inside the HTML from the 500 error I see this: Could not find partition for hostId: 499b84ac-1321-427f-aa17-267ca6975798 which is the DevOps resource GUID mentioned above.

And here is the 500 error I get from Azure Devops: enter image description here

It's all very confusing but I am sure I just need to tweak one or two things to get it working.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

I want to use client_credential flow in Azure DevOps for the same reasons as you! Last time I spoke to support they told me it was planned for Q3 2020. Reviewing the roadmap I can't see it on there at the moment. I also couldn't see any feature requests currently raised on Dev Community so you could consider trying to raise the profile of this issue on there.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...