search

JupiterOne-Archives / graph-azure-devops

A graph conversion tool for https://azure.microsoft.com/en-us/services/devops/
Mozilla Public License 2.0
0 stars 5 forks source link

Document process for OAuth2 onboarding flow #2

Open aiwilliams opened 3 years ago

aiwilliams commented 3 years ago

It seems there is an OAuth2 flow that could be implemented to avoid use of personal access tokens.

kevincasey1222 commented 3 years ago

Microsoft's guidance for REST APIs for ADO using Oauth looks fairly complete, but Microsoft offers many other options for ADO authentication. Perhaps some more experienced folks could sort through the choices in that second list and see what is best.

In any event, the Oauth path involves registering the J1 app with Microsoft, and then getting authorization from the end user when they use it. I could very well be reading it wrong, but it looks like it's meant to be interactive with the user, whereas some of the other authentication options are designed for automation and background tasks. I wondered about the possibility of using the Device Profile option, unless it's impossible to identify the requesting device on the J1 side because it's coming from a cloud service.

mknoedel commented 3 years ago

This would be done using this oAuth2 and it doesn't seem too difficult I think.