Extension Authentication at external Service

Hi Moritz_Second,

there are several methods to authenticate a user in an Azure DevOps extension and link their authentication to an external service using an app registration.

Here are two common approaches (methodes):

Method 1: OAuth 2.0 Provider for Azure Pipelines:

1. App Registration Setup:

   • Start by creating an app registration in Azure Active Directory, and obtain the client ID and client secret.

2. Extension Configuration:

   • Configure the OAuth 2.0 provider within your Azure DevOps extension.

3. User Authentication:

   • Your extension can now authenticate the user with the external service using OAuth 2.0, which is supported by many services like GitHub, Azure Active Directory, and Google.

4. Access Token Usage:

   • Once the user is authenticated, your extension can acquire an access token, which allows it to make requests to the external service on the user's behalf.

Method 2: Azure DevOps Service Endpoint Framework:

1. Service Endpoint Definition:

   • Create a service endpoint definition for the external service within Azure DevOps.

2. Azure AD Configuration:

   • Configure this service endpoint definition to use the app registration you created in Azure Active Directory.

3. Service Endpoint Connection:

   • Establish a service endpoint connection to the external service.

4. User Authentication:

   • Your extension can use this service endpoint connection to authenticate the user to the external service.

5. Access Token Usage:

   • Similar to the OAuth approach, you can obtain an access token and employ it to make requests to the external service on behalf of the user.

The choice between these methods depends on the specific needs of your extension. If your external service doesn't support the OAuth 2.0 protocol, you may opt for the service endpoint framework. However, if OAuth 2.0 is supported, you can choose either method.