/// <summary>
/// Creates a new Azure DevOps personal access token (PAT) for the organization
/// that owns the remote in <paramref name="input"/> and wraps it in a Git credential.
/// </summary>
/// <remarks>
/// Flow: reject plain HTTP, resolve the organization URI, look up the Microsoft
/// authentication authority, acquire an Azure AD access token, then exchange that
/// token for a PAT carrying the ReposWrite and ArtifactsRead scopes.
/// The PAT is always requested with both scopes, whatever Git operation triggered the call.
/// </remarks>
/// <param name="input">Git credential query arguments (protocol, remote URL).</param>
/// <returns>A credential whose user name is the signed-in account UPN and whose password is the PAT.</returns>
/// <exception cref="Exception">The remote protocol is "http" (compared case-insensitively).</exception>
private async Task<ICredential> GeneratePersonalAccessTokenAsync(InputArguments input)
{
    ThrowIfDisposed();

    // Refuse to send tokens over a cleartext transport and tell the user why.
    // Only the exact scheme "http" is rejected here; no other scheme is inspected.
    bool isPlainHttp = StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http");
    if (isPlainHttp)
    {
        throw new Exception("Unencrypted HTTP is not supported for Azure Repos. Ensure the repository remote URL is using HTTPS.");
    }

    Uri remoteUri = input.GetRemoteUri();
    Uri orgUri = UriHelpers.CreateOrganizationUri(remoteUri, out _);

    // Step 1: find out which Microsoft authentication authority serves this organization.
    _context.Trace.WriteLine("Determining Microsoft Authentication Authority...");
    string authAuthority = await _azDevOps.GetAuthorityAsync(orgUri);
    _context.Trace.WriteLine($"Authority is '{authAuthority}'.");

    // Step 2: obtain an AAD access token for the Azure DevOps SPS.
    _context.Trace.WriteLine("Getting Azure AD access token...");
    var clientId = GetClientId();
    var redirectUri = GetRedirectUri();
    IMicrosoftAuthenticationResult result = await _msAuth.GetTokenAsync(
        authAuthority,
        clientId,
        redirectUri,
        AzureDevOpsConstants.AzureDevOpsDefaultScopes,
        null);

    // The token is handed over as a format argument rather than interpolated, so the
    // trace writer decides how it is rendered.
    // NOTE(review): presumably WriteLineSecrets redacts its arguments unless secret
    // tracing is enabled - confirm against the trace implementation.
    // NOTE(review): the account UPN is interpolated into the format string itself, so
    // it is not covered by that argument handling, and a UPN containing '{' or '}'
    // would change the format string - confirm this cannot happen.
    string tokenTraceFormat = $"Acquired Azure access token. Account='{result.AccountUpn}' Token='{{0}}'";
    _context.Trace.WriteLineSecrets(tokenTraceFormat, new object[] { result.AccessToken });

    // Step 3: ask the Azure DevOps instance to mint a new PAT with a fixed scope set.
    var patScopes = new[]
    {
        AzureDevOpsConstants.PersonalAccessTokenScopes.ReposWrite,
        AzureDevOpsConstants.PersonalAccessTokenScopes.ArtifactsRead
    };
    _context.Trace.WriteLine($"Creating Azure DevOps PAT with scopes '{string.Join(", ", patScopes)}'...");

    string pat = await _azDevOps.CreatePersonalAccessTokenAsync(orgUri, result.AccessToken, patScopes);
    _context.Trace.WriteLineSecrets("PAT created. PAT='{0}'", new object[] { pat });

    return new GitCredential(result.AccountUpn, pat);
}
/// <summary>
/// Generates a Git credential for an Azure Repos remote by acquiring an Azure AD
/// access token and exchanging it for a new Azure DevOps personal access token (PAT).
/// </summary>
/// <remarks>
/// The PAT is always requested with the ReposWrite and ArtifactsRead scopes, and the
/// returned credential uses the constant PAT user name rather than the account name.
/// </remarks>
/// <param name="input">Git credential query arguments (protocol, remote URL).</param>
/// <returns>A credential whose password is the newly created PAT.</returns>
/// <exception cref="Exception">The remote protocol is "http" (compared case-insensitively).</exception>
public override async Task<ICredential> GenerateCredentialAsync(InputArguments input)
{
    // Refuse to send tokens over a cleartext transport and tell the user why.
    // Only the exact scheme "http" is rejected here; no other scheme is inspected.
    bool isPlainHttp = StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http");
    if (isPlainHttp)
    {
        throw new Exception("Unencrypted HTTP is not supported for Azure Repos. Ensure the repository remote URL is using HTTPS.");
    }

    Uri orgUri = UriHelpers.CreateOrganizationUri(input);
    Uri remoteUri = input.GetRemoteUri();

    // Step 1: find out which Microsoft authentication authority serves this organization.
    Context.Trace.WriteLine("Determining Microsoft Authentication Authority...");
    string authAuthority = await _azDevOps.GetAuthorityAsync(orgUri);
    Context.Trace.WriteLine($"Authority is '{authAuthority}'.");

    // Step 2: obtain an AAD access token for the Azure DevOps SPS.
    Context.Trace.WriteLine("Getting Azure AD access token...");
    string accessToken = await _msAuth.GetAccessTokenAsync(
        authAuthority,
        AzureDevOpsConstants.AadClientId,
        AzureDevOpsConstants.AadRedirectUri,
        AzureDevOpsConstants.AadResourceId,
        remoteUri);

    // Secrets reach the trace only as format arguments of WriteLineSecrets, never
    // through plain WriteLine.
    // NOTE(review): presumably WriteLineSecrets redacts its arguments unless secret
    // tracing is enabled - confirm against the trace implementation.
    Context.Trace.WriteLineSecrets("Acquired access token. Token='{0}'", new object[] { accessToken });

    // Step 3: ask the Azure DevOps instance to mint a new PAT with a fixed scope set.
    var patScopes = new[]
    {
        AzureDevOpsConstants.PersonalAccessTokenScopes.ReposWrite,
        AzureDevOpsConstants.PersonalAccessTokenScopes.ArtifactsRead
    };
    Context.Trace.WriteLine($"Creating Azure DevOps PAT with scopes '{string.Join(", ", patScopes)}'...");

    string pat = await _azDevOps.CreatePersonalAccessTokenAsync(orgUri, accessToken, patScopes);
    Context.Trace.WriteLineSecrets("PAT created. PAT='{0}'", new object[] { pat });

    return new GitCredential(Constants.PersonalAccessTokenUserName, pat);
}