0

i have some problems trying to use a bearer token when calling a rest api.

I tried two methods with the same result:

Method 1

I created an app registration in the azure portal, and gave it permissions to use devops api with user impersonation.

Method 2

I created an app in https://app.vsaex.visualstudio.com/ and gave it project/teams management permission.

Code

For my code, i used this (works when i use PAT to authenticate)

import requests
ADOtoken = 'obtained by microsoft example'
org = 'myorg'
projectName = 'test'
headers = {"Authorization": f"Bearer {ADOtoken}"}
requesturl = f"https://dev.azure.com/{org}/_apis/projects?api-version=6.0"
data  = {
                "name": projectName,
                "description": "description is requred",
                "capabilities": {
                    "versioncontrol": {
                    "sourceControlType": "Git"
                    },
                    "processTemplate": {
                    "templateTypeId": "6b724908-ef14-45cf-84f8-768b5384da45"
                    }
                }
            }
r = requests.post(requesturl, json = data, headers=headers)

Getting the token

I get the token by using this example: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-webapp

I changed the scope to ['https://app.vssps.visualstudio.com/user_impersonation']

expected result

I expected to get an error to debug, or the project to be created

actual result

I get a 203 (redirect) and content is the azure devops login site

Improve this question
0

2 Answers 2

Reset to default
2

Generate bearer token to invoke devops api, it works for me.

Add api permission on portal.

enter image description here

My test code:

import requests
import json

# get beartoken
beartoken=''

client_id = '<your_clientid>'
client_secret = '<your_secret>'
aadTenantDomain='<your_aadTenantDomain_like_microsoft.onmicrosoft.com>'
token_url = 'https://login.microsoftonline.com/'+aadTenantDomain+'/oauth2/token'
token_data = {
    'grant_type': 'client_credentials',
    'client_id': client_id,
    'client_secret': client_secret,
    'resource':'https://app.vssps.visualstudio.com/',
}
token_r = requests.get(token_url, data=token_data)
d = json.loads(token_r.text)
beartoken= d['access_token']
print(beartoken)

# request devops api for test

url='https://dev.azure.com/jasonp2deploy/deployappwithvirtualapp/_apis/build/builds?api-version=5.0'
body = "{\"previewRun\":false,\"stageToSkip=\": [],\"resources\": [], \"templateParameters\": [], \"variables\": []}"

headers = {
    'Authorization' : 'Bearer '+beartoken
}

r = requests.get(url, data=json.dumps(body), headers=headers)
print(r.status_code)

My test result:

enter image description here

Method 2

If you also want to use pat, you can refer my answer in below post.

How to solve azure devop api Object Moved result in python

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Azure AD graph has been deprecated what are the other methods ?
0

I tried this method, the token is created but then the API returns a 203 error. The doc indicates that it is not supported. Did you configure anything else in azure devops? connected to a corporate organization.

The Azure DevOps API doesn't support non-interactive service access via service principals yet, although it is on the roadmap. If you need to call the Azure DevOps API from a non-interactive application (where an end user cannot authenticate interactively, such as a background job), it should use a personal access token (PAT)

Q: Why can't one of my service accounts access the Azure DevOps REST API? A: Your service account may not have "materialized." Since signing in isn't possible with a service account that doesn't have interactive signing in permissions, check out this work-around.

src: https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/authentication-guidance?toc=%2Fazure%2Fdevops%2Fmarketplace-extensibility%2Ftoc.json&bc=%2Fazure%2Fdevops%2Fmarketplace-extensibility%2Fbreadcrumb%2Ftoc.json&view=azure-devops

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.