Forum Discussion
Trouble retrieving Authorization Code using Oauth2 in Azure devops
I'm trying use OAuth2 autentication method as microsoft learn expose in this url https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/azure-devops-oauth?view=azure-devops
I attach a postman collection with params of registered app.
I notice that response of token endpoint https://app.vssps.visualstudio.com/oauth2/token I need get authorization code from endpoint https://app.vssps.visualstudio.com/oauth2/authorize ,when I send the POST request login page appear, write MFA code and then when it suppossed to get the code a 404 alert screen shown below.
These are registered app parameters
Attach client_id (application id on page) as client_id header, scope vso.build_execute,state foo and response_type Assertion as documentation mentioned, on oauth protocol official page of o headers labels differ of documentation, as example grant_type must be authorization_code not urn:ietf:params:oauth:grant-type:jwt-bearer (request accept this type) if I change it get the next response:
{"Error":"unsupported_grant_type","ErrorDescription":"grant_type must be the ietf jwt-bearer type, refresh_token, or client_credentials"}
Why https://app.vssps.visualstudio.com/oauth2/token does not support authorization-code grant type when protocol says it is mandatory??
https://www.oauth.com/oauth2-servers/access-tokens/authorization-code-request/
Anyway main trouble is about retrieve authorization code from https://app.vssps.visualstudio.com/oauth2/authorize?client_id=a7f5fffb-9645-4e14-8b16-7fb1cf37017d&response_type=Assertion&state=foo&scope=vso.build_execute
Attach postman collection on this post
{
"info": {
"_postman_id": "0c50a913-7913-4ad0-b180-dc89638dd530",
"name": "AZURE",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "21601577"
},
"item": [
{
"name": "RUN PIPELINE USING OAUTH",
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"auth": {
"type": "oauth2",
"oauth2": [
{
"key": "client_authentication",
"value": "header",
"type": "string"
},
{
"key": "useBrowser",
"value": true,
"type": "boolean"
},
{
"key": "authRequestParams",
"value": [
{
"key": "response_type",
"value": "Assertion",
"enabled": true,
"send_as": "request_url"
},
{
"key": "state",
"value": "state",
"enabled": true,
"send_as": "request_url"
},
{
"key": "scope",
"value": "vso.build_execute",
"enabled": true,
"send_as": "request_url"
},
{
"key": "client_id",
"value": "A7F5FFFB-9645-4E14-8B16-7FB1CF37017D",
"enabled": true,
"send_as": "request_url"
},
{
"key": "redirect_url",
"value": "https://dev.azure.com/jose-carlosnavarro/TESTING/_apis/pipelines/1/runs?api-version=7.1-preview.1",
"enabled": false,
"send_as": "request_url"
},
{
"key": "client_secret",
"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im9PdmN6NU1fN3AtSGpJS2xGWHo5M3VfVjBabyJ9.eyJjaWQiOiJhN2Y1ZmZmYi05NjQ1LTRlMTQtOGIxNi03ZmIxY2YzNzAxN2QiLCJjc2kiOiIwODlhMWIxMy0xYzk4LTRlNjAtYTAwZi02NjI5ZTAwM2UyYmUiLCJuYW1laWQiOiI0YmVlYTYxMS04YWJlLTRhMTctOGRhMC1hMmJkNTQwOTVhNDYiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiYXBwLnZzdG9rZW4udmlzdWFsc3R1ZGlvLmNvbSIsIm5iZiI6MTY5OTM2MjY0MSwiZXhwIjoxODU3MjE1NDQxfQ.1hZ3_j1B4maKfz_Hrwuds95P41uWR96GimYN-PEYFAM40LqeEtNop2PhQqTf6nDL8CZfeITGmqipsYYfL98jk61z_9jcGBkHLWu-6VpKNwPd8c7uqEIHHQeQvOocRijHtQnlHGLETSy5IzRs6csDWnvrjpZNAU4TrALecWVMiocHZF6wqYsyReRzvPNpynoSFQQoOlrPdDVqRjsL05nmnE2BIwlDPuKWK9kuzFBGuaAQ0fiykA57SWpcpyyPxVbMhBqEo-NvHPTqh2heQbSvsuBuVKzeLjNVuaFpcyb-R6TweGzS5dU1cHcRWnqWRxcPLPr1EpeEkRseOtg9q1EWjw",
"enabled": true,
"send_as": "request_url"
}
],
"type": "any"
},
{
"key": "tokenRequestParams",
"value": [
{
"key": "client_assertion_type",
"value": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"enabled": true,
"send_as": "request_header"
},
{
"key": "client_secret",
"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im9PdmN6NU1fN3AtSGpJS2xGWHo5M3VfVjBabyJ9.eyJjaWQiOiJhN2Y1ZmZmYi05NjQ1LTRlMTQtOGIxNi03ZmIxY2YzNzAxN2QiLCJjc2kiOiIwODlhMWIxMy0xYzk4LTRlNjAtYTAwZi02NjI5ZTAwM2UyYmUiLCJuYW1laWQiOiI0YmVlYTYxMS04YWJlLTRhMTctOGRhMC1hMmJkNTQwOTVhNDYiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiYXBwLnZzdG9rZW4udmlzdWFsc3R1ZGlvLmNvbSIsIm5iZiI6MTY5OTM2MjY0MSwiZXhwIjoxODU3MjE1NDQxfQ.1hZ3_j1B4maKfz_Hrwuds95P41uWR96GimYN-PEYFAM40LqeEtNop2PhQqTf6nDL8CZfeITGmqipsYYfL98jk61z_9jcGBkHLWu-6VpKNwPd8c7uqEIHHQeQvOocRijHtQnlHGLETSy5IzRs6csDWnvrjpZNAU4TrALecWVMiocHZF6wqYsyReRzvPNpynoSFQQoOlrPdDVqRjsL05nmnE2BIwlDPuKWK9kuzFBGuaAQ0fiykA57SWpcpyyPxVbMhBqEo-NvHPTqh2heQbSvsuBuVKzeLjNVuaFpcyb-R6TweGzS5dU1cHcRWnqWRxcPLPr1EpeEkRseOtg9q1EWjw",
"enabled": true,
"send_as": "request_header"
},
{
"key": "grant_type",
"value": "client_credentials",
"enabled": true,
"send_as": "request_header"
},
{
"key": "assertion",
"value": "code",
"enabled": false,
"send_as": "request_header"
},
{
"key": "client_id",
"value": "a7f5fffb-9645-4e14-8b16-7fb1cf37017d",
"enabled": true,
"send_as": "request_body"
},
{
"key": "client_assertion",
"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im9PdmN6NU1fN3AtSGpJS2xGWHo5M3VfVjBabyJ9.eyJjaWQiOiJhN2Y1ZmZmYi05NjQ1LTRlMTQtOGIxNi03ZmIxY2YzNzAxN2QiLCJjc2kiOiIwODlhMWIxMy0xYzk4LTRlNjAtYTAwZi02NjI5ZTAwM2UyYmUiLCJuYW1laWQiOiI0YmVlYTYxMS04YWJlLTRhMTctOGRhMC1hMmJkNTQwOTVhNDYiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiYXBwLnZzdG9rZW4udmlzdWFsc3R1ZGlvLmNvbSIsIm5iZiI6MTY5OTM2MjY0MSwiZXhwIjoxODU3MjE1NDQxfQ.1hZ3_j1B4maKfz_Hrwuds95P41uWR96GimYN-PEYFAM40LqeEtNop2PhQqTf6nDL8CZfeITGmqipsYYfL98jk61z_9jcGBkHLWu-6VpKNwPd8c7uqEIHHQeQvOocRijHtQnlHGLETSy5IzRs6csDWnvrjpZNAU4TrALecWVMiocHZF6wqYsyReRzvPNpynoSFQQoOlrPdDVqRjsL05nmnE2BIwlDPuKWK9kuzFBGuaAQ0fiykA57SWpcpyyPxVbMhBqEo-NvHPTqh2heQbSvsuBuVKzeLjNVuaFpcyb-R6TweGzS5dU1cHcRWnqWRxcPLPr1EpeEkRseOtg9q1EWjw",
"enabled": true,
"send_as": "request_body"
}
],
"type": "any"
},
{
"key": "tokenName",
"value": "code",
"type": "string"
},
{
"key": "grant_type",
"value": "authorization_code",
"type": "string"
},
{
"key": "clientSecret",
"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im9PdmN6NU1fN3AtSGpJS2xGWHo5M3VfVjBabyJ9.eyJjaWQiOiJhN2Y1ZmZmYi05NjQ1LTRlMTQtOGIxNi03ZmIxY2YzNzAxN2QiLCJjc2kiOiIwODlhMWIxMy0xYzk4LTRlNjAtYTAwZi02NjI5ZTAwM2UyYmUiLCJuYW1laWQiOiI0YmVlYTYxMS04YWJlLTRhMTctOGRhMC1hMmJkNTQwOTVhNDYiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiYXBwLnZzdG9rZW4udmlzdWFsc3R1ZGlvLmNvbSIsIm5iZiI6MTY5OTM2MjY0MSwiZXhwIjoxODU3MjE1NDQxfQ.1hZ3_j1B4maKfz_Hrwuds95P41uWR96GimYN-PEYFAM40LqeEtNop2PhQqTf6nDL8CZfeITGmqipsYYfL98jk61z_9jcGBkHLWu-6VpKNwPd8c7uqEIHHQeQvOocRijHtQnlHGLETSy5IzRs6csDWnvrjpZNAU4TrALecWVMiocHZF6wqYsyReRzvPNpynoSFQQoOlrPdDVqRjsL05nmnE2BIwlDPuKWK9kuzFBGuaAQ0fiykA57SWpcpyyPxVbMhBqEo-NvHPTqh2heQbSvsuBuVKzeLjNVuaFpcyb-R6TweGzS5dU1cHcRWnqWRxcPLPr1EpeEkRseOtg9q1EWjw",
"type": "string"
},
{
"key": "clientId",
"value": "a7f5fffb-9645-4e14-8b16-7fb1cf37017d",
"type": "string"
},
{
"key": "addTokenTo",
"value": "header",
"type": "string"
},
{
"key": "authUrl",
"value": "https://app.vssps.visualstudio.com/oauth2/authorize",
"type": "string"
},
{
"key": "accessTokenUrl",
"value": "https://app.vssps.visualstudio.com/oauth2/token",
"type": "string"
},
{
"key": "state",
"value": "user1",
"type": "string"
},
{
"key": "scope",
"value": "vso.build_execute",
"type": "string"
}
]
},
"method": "GET",
"header": [
{
"key": "Authorization",
"value": "Bearer {{token}}",
"type": "text"
}
],
"body": {
"mode": "urlencoded",
"urlencoded": []
},
"url": {
"raw": "https://dev.azure.com/jose-carlosnavarro/TESTING/_apis/pipelines/1/runs?api-version=7.1-preview.1",
"protocol": "https",
"host": [
"dev",
"azure",
"com"
],
"path": [
"jose-carlosnavarro",
"TESTING",
"_apis",
"pipelines",
"1",
"runs"
],
"query": [
{
"key": "api-version",
"value": "7.1-preview.1"
}
]
}
},
"response": []
},
{
"name": "TOKEN ADO",
"protocolProfileBehavior": {
"disabledSystemHeaders": {}
},
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [
{
"key": "assertion",
"value": "572247",
"type": "text",
"disabled": true
},
{
"key": "client_id",
"value": "a7f5fffb-9645-4e14-8b16-7fb1cf37017d",
"type": "text",
"disabled": true
},
{
"key": "client_secret",
"value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im9PdmN6NU1fN3AtSGpJS2xGWHo5M3VfVjBabyJ9.eyJjaWQiOiJhN2Y1ZmZmYi05NjQ1LTRlMTQtOGIxNi03ZmIxY2YzNzAxN2QiLCJjc2kiOiIwODlhMWIxMy0xYzk4LTRlNjAtYTAwZi02NjI5ZTAwM2UyYmUiLCJuYW1laWQiOiI0YmVlYTYxMS04YWJlLTRhMTctOGRhMC1hMmJkNTQwOTVhNDYiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiYXBwLnZzdG9rZW4udmlzdWFsc3R1ZGlvLmNvbSIsIm5iZiI6MTY5OTM2MjY0MSwiZXhwIjoxODU3MjE1NDQxfQ.1hZ3_j1B4maKfz_Hrwuds95P41uWR96GimYN-PEYFAM40LqeEtNop2PhQqTf6nDL8CZfeITGmqipsYYfL98jk61z_9jcGBkHLWu-6VpKNwPd8c7uqEIHHQeQvOocRijHtQnlHGLETSy5IzRs6csDWnvrjpZNAU4TrALecWVMiocHZF6wqYsyReRzvPNpynoSFQQoOlrPdDVqRjsL05nmnE2BIwlDPuKWK9kuzFBGuaAQ0fiykA57SWpcpyyPxVbMhBqEo-NvHPTqh2heQbSvsuBuVKzeLjNVuaFpcyb-R6TweGzS5dU1cHcRWnqWRxcPLPr1EpeEkRseOtg9q1EWjw",
"type": "text",
"disabled": true
},
{
"key": "grant_type",
"value": "ietf jwt-bearer",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "grant_type",
"value": "code",
"description": "GRANT TYPE DEFINIDO",
"type": "text"
},
{
"key": "client_id",
"value": "a7f5fffb-9645-4e14-8b16-7fb1cf37017d",
"type": "text"
},
{
"key": "client_assertion",
"value": "Ing1dCI6Im9PdmN6NU1fN3AtSGpJS2xGWHo5M3VfVjBabyJ9.eyJjaWQiOiJhN2Y1ZmZmYi05NjQ1LTRlMTQtOGIxNi03ZmIxY2YzNzAxN2QiLCJjc2kiOiIwODlhMWIxMy0xYzk4LTRlNjAtYTAwZi02NjI5ZTAwM2UyYmUiLCJuYW1laWQiOiI0YmVlYTYxMS04YWJlLTRhMTctOGRhMC1hMmJkNTQwOTVhNDYiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiYXBwLnZzdG9rZW4udmlzdWFsc3R1ZGlvLmNvbSIsIm5iZiI6MTY5OTM2MjY0MSwiZXhwIjoxODU3MjE1NDQxfQ.1hZ3_j1B4maKfz_Hrwuds95P41uWR96GimYN-PEYFAM40LqeEtNop2PhQqTf6nDL8CZfeITGmqipsYYfL98jk61z_9jcGBkHLWu-6VpKNwPd8c7uqEIHHQeQvOocRijHtQnlHGLETSy5IzRs6csDWnvrjpZNAU4TrALecWVMiocHZF6wqYsyReRzvPNpynoSFQQoOlrPdDVqRjsL05nmnE2BIwlDPuKWK9kuzFBGuaAQ0fiykA57SWpcpyyPxVbMhBqEo-NvHPTqh2heQbSvsuBuVKzeLjNVuaFpcyb-R6TweGzS5dU1cHcRWnqWRxcPLPr1EpeEkRseOtg9q1EWjw",
"description": "CLIENT SECRET GENERADO AL REGISTRAR LA PALICACION",
"type": "text"
},
{
"key": "assertion",
"value": "NV1Ojxy7sz0UTNemw-UFh3efViRpWOZqEVwTBz9YPiPGemcM",
"description": "CODIGO QUE DEVUELVE EL REDIRECT URI DE AUTHORIZE ENDPOINT",
"type": "text"
},
{
"key": "client_assertion_type",
"value": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"type": "text"
},
{
"key": "client_secret",
"value": "Ing1dCI6Im9PdmN6NU1fN3AtSGpJS2xGWHo5M3VfVjBabyJ9.eyJjaWQiOiJhN2Y1ZmZmYi05NjQ1LTRlMTQtOGIxNi03ZmIxY2YzNzAxN2QiLCJjc2kiOiIwODlhMWIxMy0xYzk4LTRlNjAtYTAwZi02NjI5ZTAwM2UyYmUiLCJuYW1laWQiOiI0YmVlYTYxMS04YWJlLTRhMTctOGRhMC1hMmJkNTQwOTVhNDYiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiYXBwLnZzdG9rZW4udmlzdWFsc3R1ZGlvLmNvbSIsIm5iZiI6MTY5OTM2MjY0MSwiZXhwIjoxODU3MjE1NDQxfQ.1hZ3_j1B4maKfz_Hrwuds95P41uWR96GimYN-PEYFAM40LqeEtNop2PhQqTf6nDL8CZfeITGmqipsYYfL98jk61z_9jcGBkHLWu-6VpKNwPd8c7uqEIHHQeQvOocRijHtQnlHGLETSy5IzRs6csDWnvrjpZNAU4TrALecWVMiocHZF6wqYsyReRzvPNpynoSFQQoOlrPdDVqRjsL05nmnE2BIwlDPuKWK9kuzFBGuaAQ0fiykA57SWpcpyyPxVbMhBqEo-NvHPTqh2heQbSvsuBuVKzeLjNVuaFpcyb-R6TweGzS5dU1cHcRWnqWRxcPLPr1EpeEkRseOtg9q1EWjw",
"type": "text",
"disabled": true
},
{
"key": "code",
"value": "238227",
"type": "text",
"disabled": true
}
]
},
"url": {
"raw": "https://app.vssps.visualstudio.com/oauth2/token",
"protocol": "https",
"host": [
"app",
"vssps",
"visualstudio",
"com"
],
"path": [
"oauth2",
"token"
]
}
},
"response": []
},
{
"name": "AUTHORIZE",
"event": [
{
"listen": "test",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "https://app.vssps.visualstudio.com/oauth2/authorize?client_id=a7f5fffb-9645-4e14-8b16-7fb1cf37017d&response_type=Assertion&state=user1&scope=vso.build_execute",
"protocol": "https",
"host": [
"app",
"vssps",
"visualstudio",
"com"
],
"path": [
"oauth2",
"authorize"
],
"query": [
{
"key": "client_id",
"value": "a7f5fffb-9645-4e14-8b16-7fb1cf37017d"
},
{
"key": "response_type",
"value": "Assertion"
},
{
"key": "state",
"value": "user1"
},
{
"key": "scope",
"value": "vso.build_execute"
},
{
"key": "redirect_uri",
"value": "https://app.vssps.visualstudio.com/oauth2/authorize",
"disabled": true
}
]
}
},
"response": []
}
]
}
I thank you very much for your help
Best Regards
No RepliesBe the first to reply
