giuliov
commented
7 years ago In this case is clearly the Aggregator Web Service that cannot connect to VSTS. Try using a PAT with Full Access and then trim down the token permissions.
Closed bryder08 closed 7 years ago
giuliov
commented
7 years ago In this case is clearly the Aggregator Web Service that cannot connect to VSTS. Try using a PAT with Full Access and then trim down the token permissions.
bryder08
commented
7 years ago Hello The PAT is currently 'Authorized Scopes: All Scopes'. The documentation suggests NOT using 'Selected Scopes' due to issues. Please could you clarify the suggestion?
giuliov
commented
7 years ago @bryder08 at the initial stages I was able to use a narrower scope, but some change in VSTS broke it and I had no time to find the new requirements.
bryder08
commented
7 years ago @giuliov were you able to authenticate previously with All Scopes? If so, would you be able to post an example policy file to ensure I have the correct parameters?
giuliov
commented
7 years ago Yes and AFAIK other people was able e.g. @colindembovsky
bryder08
commented
7 years ago Hi there, I just wanted to let you guys know that I've resolved the issue by creating the subscriptions using PowerShell. I previously used the instructions in the guide to manually create them. There appears to be something extra/different applied using the PowerShell script. Authentication with PAT if fine now. Thanks for your suggestions @giuliov .
Hello,
Firstly, thankyou for all the hard work porting this tool to run using web hooks, team services is currently very limited in it's customisation options and this tool would really help us.
We have setup the web hooks version of TFSAggregator on an Azure WebApp as per the documentation here . Our initial goal is to have TFSAg carry out a rollup of effort scores on child work items to the parent whenever the children are updated.
Whilst we do have team services and the aggregator web app talking, it's appears from the TFSAg log that whenever TFSAg attempts to connect back to team services it is receiving an authentication error. Error: TF30063: You are not authorized to access [OurVSTSAccountName].visualstudio.com
We have a PAT configured in the policy that is active and the PAT's team services account has project admin level permissions. The .visualstudio.com address TFSAg is connecting back to is correct.
Is there anything else we need to add to the policy/web.config in TFSAg to authenticate successfully with team services (that isn't listed in the documentation? Any help would be greatly appreciated.
web.config, policy file and error snippets attached.