Reputation: 349
I currently use a service connection of type Azure Repos/Team Foundation Server service connection. Currently this uses a PAT which I wish to eliminate.
My goal is to clone a git repository hosted on a completely different Azure DevOps tenant (see below for code).
Is there a way to replace the Azure Repos/Team Foundation Server service connection with Federated identity so that a clone can be done across tenants? On a similar post, we had figured out how to do this with bash, service principal and password, but now that workload identity is released it will be good to eliminate the client_secret completely.
Current Code
resources:
  repositories:
    - repository: iac
      type: git
      name: project/iac
      ref: "master"
      # Azure Repos/Team Foundation Server service connection (currently PAT-based)
      endpoint: xxx_git
Upvotes: 0
Views: 254
Reputation: 40543
This is not yet possible. Federated identity is so far supported only for the Azure Resource Manager service connection and the following built-in tasks:
AzureAppServiceManage, AzureAppServiceSettings, AzureCLI, AzureCloudPowerShellDeployment, AzureContainerApps, AzureFunctionAppContainer, AzureFunctionApp, AzureKeyVault, AzureMonitor, AzureMysqlDeployment, AzurePolicy, AzurePowerShell, AzureResourceGroupDeployment, AzureResourceManagerTemplateDeployment, AzureRmWebAppDeployment, AzureSpringCloud, AzureVmssDeployment, AzureWebAppContainer, AzureWebApp, DockerCompose, Docker, HelmDeploy, InvokeRestApi, JavaToolInstaller, JenkinsDownloadArtifacts, Kubernetes.
You can find info about this here.
We can expect to have this extended in the future, but for now this is the limitation.
Upvotes: 0