Check if ADO token has expired for nuget feed authentication

Question

Currently anytime our build runs locally, we first remove the configured ADO nuget feed:

nuget sources remove -name OurFeed

We then use the Credential Provider to give us a new token, and re-create the feed with this:

$feed = "https://pkgs.dev.azure.com/ourfeed/_packaging/ourfeed/nuget/v3/index.json"
$creds = (& CredentialProvider.VSS.exe -U $feed | ConvertFrom-Json)
Exec { & nuget sources add -name OurFeed -username $creds.Username -password $creds.Password -storepasswordincleartext -source $feed }

Of course it's quite inefficient to do this every build. The reason we do it is because we need to ensure the ADO authentication token hasn't expired before building our projects.

Is there some clever way we can (very quickly) check if the feed token is still valid before doing this?

Answer 1

Is there some clever way we can (very quickly) check if the feed token is still valid before doing this?

We could use the REST API Personal Access Tokens - List to lists of all the session token details of the personal access tokens (PATs) for a particular user:

GET https://vssps.dev.azure.com/{organization}/_apis/tokenadmin/personalaccesstokens/{subjectDescriptor}?api-version=5.0-preview.1

To get the parameter subjectDescriptor, we could use following REST API with the PAT of the particular user, it will return the subjectDescriptor of that particular user:

https://dev.azure.com/{ORGANISATION_NAME}/_apis/connectionData

Then use the Personal Access Tokens - List to get the detail info about the PAT:

In this case, we could create a script to verify the validTo value.