Granting service accounts access to AzureDevOps

Question

I'm wondering what is the correct way to grant service accounts access to AzureDevOps. Ex: access to source code, API's, etc.

Since "Basic Authentication" was deactivated, I've been using personal access tokens but it seems awkward to login using a service account, generating the PAT, and so on. Also, since they are limited in time, we have to ensure renewal schedules/reminders for each connexions.

I am on the wrong track? Is there a more "natural" way to do it? Is SSH more adapted for this?

I've found this guide which helps but I can't find how (for example) granting a third-party application access to a project's repository. https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/authentication-guidance?view=azure-devops

PS: Service Connections and Service Hooks are not what I'm looking for.

Answer 1

What you are looking for probably is OAuth 2.0 Client Credentials Flow for Azure DevOps. Unfortunately Client Credentials Flow is not yet supported on Azure DevOps. See this thread Client Credentials Flow for Azure DevOps.

But, You can check out OAuth 2.0 auth code flow,which is now supported on Azure Devops. Please check out this detailed tutorial Authorize access to REST APIs with OAuth 2.0. This is an example to implement OAuth 2.0 auth code flow.

There are also Codes samples provided in above web link you mentioned in the question. You can checkout these samples to learn their authentication mechanism, and choose one that suits you most.