Lalindu

Reputation: 349

Authenticate REST API with OAuth in VSTS/TFS 2017

I am trying to authenticate a REST call with OAuth, but I couldn't find any sample regarding this. Please be kind enough to guide me on this (provide a sample).

I am referring to the below documentation from Microsoft.

https://www.visualstudio.com/en-us/docs/integrate/get-started/rest/basics

I can authenticate this using NTLM (below is the sample I use). There is a Node library available for the same (https://www.npmjs.com/package/httpntlm). But I need something similar for OAuth.

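var httpntlm = require('httpntlm');

// options is defined elsewhere (not shown in the question)
httpntlm.patch(options, function (err, res) {
    if (err) return console.error(err);
    console.log("patch complete");
    console.log(res.body);
});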

Upvotes: 3

Views: 4470

Answers (2)

Nikheel

Reputation: 225

I am not sure of the technologies you are using to achieve this, but if your application is a .NET/.NET Core MVC application then Microsoft has provided sample code for the same: VSTS Sample Code C#

However, if your application is like mine, an SPA (on Angular) with a .NET Core back end, then there is no document clearly describing which parts should go where and how to achieve the OAuth flow in such a case. To answer that, I have achieved this in the following way:

  1. Register your app on VSTS with the callback URL pointing to a callback route on your UI application.
  2. Add an Authorize function on your backend to make a call to the VSTS authorize endpoint.
  3. Have a button/link on the UI where you would like to connect to the VSTS API, and have it pointed to the Authorize function on the backend. The reason for making the call to the VSTS authorize endpoint from the backend and not the UI is that VSTS authorize returns a 302 redirect response and Angular 4+ is still having a clear way to handle this. .NET MVC has the RedirectResult method, which handles it very well.
  4. Once the call to authorize is made, you will be presented with an Accept/Deny screen showing all the scopes.
  5. Once the user accepts it, he will be redirected to the callback URL, which is pointing to your UI.
  6. Get the auth code from the callback URL in the UI, extract the code and pass it on to the API.
  7. The API will make a call to the VSTS token endpoint, passing the auth code and client secret.
  8. The API will receive the auth token and refresh token.
  9. Use the auth token to make VSTS API calls and persist the refresh token (there are many articles mentioning how to deal with tokens safely).

That's it, the OAuth flow can be achieved in Angular and .NET Core in the above way.

Please note, this is something not documented by Microsoft, so there might be flaws in this approach which I am open to learn and rectify.

Please comment to get sample repo.

Upvotes: 0
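The backend half of steps 2, 6 and 7 above, as an added Node.js example that is not part of this answer or of Microsoft's sample. The function names are hypothetical, the endpoint URLs and form field names are assumptions recalled from Microsoft's VSTS OAuth documentation, and the code only builds requests (no network call); it also shows the `state` check that ties the callback to the session that started the flow.

```javascript
const crypto = require('crypto');

// Endpoints and parameter names follow Microsoft's VSTS OAuth documentation as
// recalled here (an assumption of this added example); verify before use.
const AUTHORIZE_URL = 'https://app.vssps.visualstudio.com/oauth2/authorize';
const TOKEN_URL = 'https://app.vssps.visualstudio.com/oauth2/token';
const JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
const CLIENT_ASSERTION = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';

// Step 2: build the redirect target. `state` is a per-session random value the
// backend stores so the later callback can be matched to this browser session.
function buildAuthorizeUrl(appId, scope, callbackUrl) {
  const state = crypto.randomBytes(32).toString('hex');
  const query = new URLSearchParams({
    client_id: appId, response_type: 'Assertion', state, scope,
    redirect_uri: callbackUrl,
  });
  return { state, url: `${AUTHORIZE_URL}?${query}` };
}

// Step 6: the UI forwards the callback query string; reject it unless its state
// equals the stored one (constant-time compare), then return the auth code.
function extractCode(callbackQuery, expectedState) {
  const params = new URLSearchParams(callbackQuery);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback carried no authorization code');
  return code;
}

// Step 7: form-encoded body for the token endpoint. The client secret appears
// only here, on the backend, and is never sent to the SPA.
function buildTokenRequest(clientSecret, code, callbackUrl) {
  const body = new URLSearchParams({
    client_assertion_type: CLIENT_ASSERTION,
    client_assertion: clientSecret,
    grant_type: JWT_BEARER,
    assertion: code,
    redirect_uri: callbackUrl,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  return { url: TOKEN_URL, method: 'POST', headers, body: body.toString() };
}
```

The object returned by `buildTokenRequest` can be handed to any HTTP client; the JSON response carries the access and refresh tokens from step 8.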

PatrickLu-MSFT

Reputation: 51183

You could authorize access to REST APIs with OAuth 2.0 in VSTS. It's only available with VSTS for now; TFS 2017 is not supported. You could also check this question: TFS 2015 REST API Authentication. And there has been a related UserVoice.

First, you'll register your web app and get an app ID from Visual Studio Team Services. Using that app ID, you'll send your users to Visual Studio Team Services to authorize your app to access their accounts there. Once they've done that, you'll use that authorization to get an access token for that user. When you call Visual Studio Team Services APIs on behalf of that user, you'll use that user's access token.


A C# sample that implements OAuth to call Visual Studio Team Services REST APIs is on GitHub for your reference: vsts-dotnet-oauth-sample

Upvotes: 4
