Reputation: 623
I have a bat file that runs "tf get" automatically once each day. I'm logging in using /login with a PAT. That works. However, after a couple of days (7?), I receive the message "You are not authorized to access [servername].visualstudio.com".
In that case, I need to call "tf get" (without any parameters), which will then display a login UI where I have to enter my actual username and password. After having logged in, my script runs successfully for a couple of days, after which I end up with the "not authorized" message again.
I would like to be able to run a "tf get" without any UI prompting for credentials. How can I do this?
Upvotes: 1
Views: 195
Reputation: 6222
If an Azure DevOps organization is connected to an AAD, the users in this organization should have the mapping User Principals in AAD. In addition, we can not only add User Principals of the connected AAD into our DevOps organization, but also add Service Principals.
Similar to the User Principals in a DevOps organization, Service Principals should receive user licenses (Basic) and sufficient permissions to access the TFVC repo.
Here is the sample Azure CLI command running in CMD that we can use to authenticate against a Service Principal in my DevOps organization, generate the AAD token to access the Azure DevOps resource for this Service Principal and use this OAuth token as the credential for the tf get command. I succeeded in getting the TFVC repo updates from the server with this method.
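rem Service principal credentials (placeholders)
set TenantId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
set ApplicationId=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy
set ClientSecret=sn~*********D-_************CXa8r
az login --service-principal --username %ApplicationId% --password %ClientSecret% --tenant %TenantId%
rem Resource ID of Azure DevOps, used to request the AAD access token
set azureDevopsResourceId=499b84ac-1321-427f-aa17-267ca6975798
rem Typed at an interactive CMD prompt as shown; inside a .bat file write %%i instead of %i and prefix az with call
for /f %i in ('az account get-access-token --resource %azureDevopsResourceId% --query "accessToken" --output tsv') do set token=%i
rem Prints the bearer token to the console; leave this line out of scheduled runs so the token does not end up in logs
echo token is %token%
tf get /loginType:OAuth /login:.,%token%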
Here is the document for more details.
Upvotes: 0
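The same sequence arranged for the scheduled .bat file from the question, as an added example that is not part of the original answer. It assumes the service principal is already licensed and permitted as described above, and that the hypothetical environment variables AZDO_TENANT_ID, AZDO_APP_ID and AZDO_CLIENT_SECRET are set for the scheduled task instead of being stored in the script.

```batch
@echo off
rem Added example: unattended variant of the answer's commands for a .bat file.
rem AZDO_TENANT_ID, AZDO_APP_ID and AZDO_CLIENT_SECRET are hypothetical names;
rem set them in the task's environment so the secret is not kept in this file.
setlocal

rem Resource ID for Azure DevOps, as used in the answer above.
set "azureDevopsResourceId=499b84ac-1321-427f-aa17-267ca6975798"

if not defined AZDO_TENANT_ID goto :missing
if not defined AZDO_APP_ID goto :missing
if not defined AZDO_CLIENT_SECRET goto :missing

rem az is a .cmd wrapper on Windows: without "call" the script would stop here.
rem --output none keeps the account details out of the job log.
call az login --service-principal --username "%AZDO_APP_ID%" --password "%AZDO_CLIENT_SECRET%" --tenant "%AZDO_TENANT_ID%" --output none
if errorlevel 1 (
    >&2 echo az login failed
    exit /b 1
)

rem Inside a batch file the loop variable is %%i, not %i.
set "token="
for /f "usebackq delims=" %%i in (`az account get-access-token --resource %azureDevopsResourceId% --query accessToken --output tsv`) do set "token=%%i"
if not defined token (
    >&2 echo Could not obtain an access token
    call az logout
    exit /b 1
)

rem The token is a bearer credential, so it is never echoed.
rem /noprompt suppresses tf dialog boxes during the get.
tf get /loginType:OAuth /login:.,%token% /noprompt
set "rc=%errorlevel%"

rem Clear the token and the cached service principal session.
set "token="
call az logout
exit /b %rc%

:missing
>&2 echo Missing AZDO_TENANT_ID, AZDO_APP_ID or AZDO_CLIENT_SECRET
exit /b 2
```

A fresh token is requested on every run, so the script does not depend on credentials cached from an earlier interactive login.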