Configuring OAuth 2.0 for Microsoft Azure DevOps Services

To enable users to work with a remote Git repository that is hosted on Microsoft Azure Repos:

  1. Set up the Microsoft Azure DevOps Services OAuth App (OAuth 2.0).

  2. Apply the Microsoft Azure DevOps Services OAuth App Secret.

Setting up the Microsoft Azure DevOps Services OAuth App

Set up a Microsoft Azure DevOps Services OAuth App using OAuth 2.0.

Prerequisites
Procedure
  1. Visit https://app.vsaex.visualstudio.com/app/register/.

  2. Enter the following values:

    1. Company name: Che

    2. Application name: Che

    3. Application website: https://<che_fqdn>/

    4. Authorization callback URL: https://<che_fqdn>/api/oauth/callback

  3. In Select Authorized scopes, select Code (read and write).

  4. Click Create application.

  5. Copy the App ID and encode it to Base64 for use when applying the Microsoft Azure DevOps Services OAuth App Secret:

    $ echo -n '<microsoft_azure_devops_services_oauth_app_id>' | base64
  6. Click Show to display the Client Secret.

  7. Copy the Client Secret and encode it to Base64 for use when applying the Microsoft Azure DevOps Services OAuth App Secret:

    $ echo -n '<microsoft_azure_devops_services_oauth_client_secret>' | base64 -w 0

Applying the Microsoft Azure DevOps Services OAuth App Secret

Prepare and apply the Microsoft Azure DevOps Services Secret.

Prerequisites
  • Setting up the Microsoft Azure DevOps Services OAuth App is completed.

  • The Base64-encoded values, which were generated when setting up the Microsoft Azure DevOps Services OAuth App, are prepared:

    • App ID

    • Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure
  1. Prepare the Secret:

    kind: Secret
    apiVersion: v1
    metadata:
      name: azure-devops-oauth-config
      namespace: eclipse-che(1)
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: oauth-scm-configuration
      annotations:
        che.eclipse.org/oauth-scm-server: azure-devops
    type: Opaque
    data:
      id: <Base64_Microsoft_Azure_DevOps_Services_OAuth_App_ID>(2)
      secret: <Base64_Microsoft_Azure_DevOps_Services_OAuth_Client_Secret>(3)
    1 The Che namespace. The default is eclipse-che.
    2 The Base64-encoded Microsoft Azure DevOps Services OAuth App ID.
    3 The Base64-encoded Microsoft Azure DevOps Services OAuth Client Secret.
  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
    <Secret_prepared_in_the_previous_step>
    EOF
  3. Verify in the output that the Secret is created.

  4. Wait for the rollout of the Che server components to be completed.